The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
References
Link | Resource |
---|---|
https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US | Release Notes Vendor Advisory |
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243 | Vendor Advisory |
Configurations
History
07 Jan 2022, 16:26
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
First Time |
Solarwinds
Solarwinds web Help Desk |
|
CPE | cpe:2.3:a:solarwinds:web_help_desk:*:*:*:*:*:*:*:* | |
CWE | NVD-CWE-Other | |
References | (MISC) https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35243 - Vendor Advisory | |
References | (MISC) https://support.solarwinds.com/SuccessCenter/s/article/Web-Help-Desk-12-7-7-Hotfix-1-Release-Notes?language=en_US - Release Notes, Vendor Advisory |
27 Dec 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
Summary | The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server (12.7.7 and earlier), allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server with a user-supplied URL. While the DELETE method requests that the origin server removes the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity. | |
References |
|
23 Dec 2021, 20:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-12-23 20:15
Updated : 2023-12-10 14:09
NVD link : CVE-2021-35243
Mitre link : CVE-2021-35243
CVE.ORG link : CVE-2021-35243
JSON object : View
Products Affected
solarwinds
- web_help_desk
CWE