CVE-2021-35243

HIGH Year: 2021
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-749
View all →

Vulnerability Description

The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.

Related Vulnerabilities

CVE-2006-1547

HIGH
CVSS:7.5(High)

ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name ...

CWE-7492006

CVE-2010-1428

HIGH
CVSS:7.5(High)

The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for ...

CWE-7492010

CVE-2021-33639

HIGH
CVSS:7.5(High)

REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified.

CWE-7492021

CVE-2023-34227

HIGH
CVSS:7.5(High)

In JetBrains TeamCity before 2023.05 a specific endpoint was vulnerable to brute force attacks

CWE-7492023

CVE-2023-3655

HIGH
CVSS:7.5(High)

cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous methods, that allows to leak the database (system setti...

CWE-7492023

CVE-2023-42032

HIGH
CVSS:7.5(High)

Visualware MyConnection Server doRTAAccessUPass Exposed Dangerous Method Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected ...

CWE-7492023