The PRTG web server accepts PUT and DELETE requests. Is this a security issue?

Votes:

0

Your Vote:

Up

Down

A security scanner was able to send a test file to the PRTG web server without providing any login data. Does this mean a security leak?

prtg security webserver

Created on Dec 10, 2010 3:33:40 PM by Daniel Zobel [Paessler Support] (21,383) 3 3



1 Reply

Accepted Answer

Votes:

0

Your Vote:

Up

Down

No, the security of the PRTG web server is not compromised. It only processes GET, POST, and HEAD requests. PUT and DELETE requests are accepted, but the sent data is not processed at all. It is discarded.

In order to make it easy to detect denial of service (DoS) attacks, PRTG will write an entry in its log file for each discarded request.

Created on Dec 10, 2010 3:40:24 PM by Daniel Zobel [Paessler Support] (21,383) 3 3



Please log in or register to enter your reply.


Disclaimer: The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.

Back to www.paessler.com

PRTG
Network Monitor
Intuitive to Use.
Easy to manage.

150.000 administrators have chosen PRTG to monitor their network. Find out how you can reduce cost, increase QoS and ease planning, as well.

Visit
www.paessler.com

What is this?

This knowledgebase contains questions and answers about PRTG Network Monitor and network monitoring in general. You are invited to get involved by asking and answering questions!

Learn more

Top Tags


View all Tags