httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From syona m <>
Subject Re: [users@httpd] Help required for security vulnerabilities in 1.3.29
Date Thu, 15 Dec 2005 13:43:50 GMT
Hi All,
  I have come to know that by default DELETE and PUT methods are disable in apache webserver.
Is there any way I can test for the same?
  Following the tips mentioned in the following sites

"To test the PUT method, use a tool like curl to attempt a file upload:
curl -T test.asp
 Next, try to access the file. If you can, then the PUT method is enabled.
To test the DELETE method, connect to the server using telnet and issue the following command:
DELETE / HTTP/1.0\n \n
 where is the file you want to delete (ie: index.html). If the file gets removed, the DELETE
method is enabled"

Using the curl tool it was seen that PUT methods is not Impactingour software
D:\curl\curl-7.15.0>curl -T README http://xxx:8080/
<TITLE>405 Method Not Allowed</TITLE>
<H1>Method Not Allowed</H1>
The requested method PUT is not allowed for the URL /README.<P>
<ADDRESS>Apache/1.3.29 Server at indmft6 Port 8080</ADDRESS>

For using the same tool for DELETE method we were not able to login to the server
  trying directly to test the method DELETE
  DELETE <file>  HTTP/1.0\n \n 
DELETE: not found 
  I got this  whether this a valid testing result  or is command:  not found  is a message
coming from the Solaris operating system
  Please let me know is there any other way I could verify for sure this method not being
used by the apache installed in my machine
  Thanks for the help

"William A. Rowe, Jr." <> wrote:
  Nick Kew wrote:
> On Tuesday 29 November 2005 12:17, Joost de Heer wrote:
>>1.3.34 was released several weeks ago (at least the Unix version, did
>>William Rowe upload the win32 1.3.34 binary yet?)
> I can't find the reference just now, but he later suggested this lack of 
> interest means we can finally declare 1.3-on-windows dead.

Yes, at which point Randy our Guru of Win32/modperl reminded me that many
folks do use this, and he personally vouched for the installer.

So, yes, these have been up for the past week.


The official User-To-User support forum of the Apache HTTP Server Project.
See for more info.
To unsubscribe, e-mail:
" from the digest:
For additional commands, e-mail:


Yahoo! Shopping
 Find Great Deals on Holiday Gifts at Yahoo! Shopping 
View raw message