cancel
Showing results for 
Search instead for 
Did you mean: 

Vulnerability scanner HTTP DELETE Method Enabled

Jump to solution

Hi,

Our Rapid7 vulnerability scanner has detected that the HTTP DELETE Method is enabled on the ePO 5.9.1 server. I'm struggling to find how to address this as McAfee KB articles regarding this simply say "don't worry about it, it's not possible to exploit...." but doesn't help address the scanner finding and environment vulnerability score.

https://kc.mcafee.com/corporate/index?page=content&id=KB81707

https://kc.mcafee.com/corporate/index?page=content&id=KB89986

Any ideas how I can disable this properly regardless of it not being a threat if only to appease the scanner? A web search does provide generic help but never anything specific to this McAfee setup.

Cheers
Jamie

Labels (1)
1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: Vulnerability scanner HTTP DELETE Method Enabled

Jump to solution

Hi @randleTU,

Thank you for your response. I am afraid McAfee does not have any recommendations to appease the scanner as the scanner is merely doing it's job of finding the holes and we have responsible closed it by blocking the use of that "method()".

We can only suggest you to create an exclusion for that particular Vulnerability from being scanned by your scanner for our ePO Server.

I honestly think you already are aware of everything said by us above since you have posted the relevant KBAs and your understanding is apparent form the post, hence I would recommend trying to exclude this scanning and probably finding a way to achieve it via your scanner! I sincerely hope this helps and apologies for the inconvenience.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

View solution in original post

5 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 6

Re: Vulnerability scanner HTTP DELETE Method Enabled

Jump to solution

Per the kb's you mentioned, it is already disabled in epo.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: Vulnerability scanner HTTP DELETE Method Enabled

Jump to solution

Yes, I'm aware of that and was what i was inferring in my opener but the vulnerability scanner still detects this, so ePO is still advertising it in a way that the scanner picks this up as vulnerable. 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 6

Re: Vulnerability scanner HTTP DELETE Method Enabled

Jump to solution

Hi @randleTU,

Thank you for your response. I am afraid McAfee does not have any recommendations to appease the scanner as the scanner is merely doing it's job of finding the holes and we have responsible closed it by blocking the use of that "method()".

We can only suggest you to create an exclusion for that particular Vulnerability from being scanned by your scanner for our ePO Server.

I honestly think you already are aware of everything said by us above since you have posted the relevant KBAs and your understanding is apparent form the post, hence I would recommend trying to exclude this scanning and probably finding a way to achieve it via your scanner! I sincerely hope this helps and apologies for the inconvenience.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T

View solution in original post

Highlighted

Re: Vulnerability scanner HTTP DELETE Method Enabled

Jump to solution

Hi Adithyan,

Many thanks for your reply and confirmation. I've spoken to the team responsible for the scanner and does appear an exclusion can be made as long as the business risk is accepted. I've provided both articles to them so hopefully this will be accepted going forward.

Thanks for your time.

Jamie

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 6 of 6

Re: Vulnerability scanner HTTP DELETE Method Enabled

Jump to solution

Hi @randleTU (Jamie),

Thank you for your kind update. I am glad we could be helpful here! kudos to your for keeping us posted and helping others with similar queries in the forum.

Happy Holidays! 🙂

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

Thanks and regards,
Adithyan T
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community