PT-2021-20864 · Unknown · Web Help Desk

Published: 2021-12-23 · Updated: 2022-01-07 · CVE-2021-35243

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Web Help Desk versions 12.7.7 and earlier
Description: The HTTP PUT and DELETE methods were enabled in the Web Help Desk web server, allowing users to execute dangerous HTTP requests. The HTTP PUT method is normally used to upload data that is saved on the server at a user-supplied URL, while the DELETE method requests that the origin server remove the association between the target resource and its current functionality. Improper use of these methods may lead to a loss of integrity.
Recommendations: For versions 12.7.7 and earlier, consider disabling the HTTP PUT and DELETE methods to prevent users from executing dangerous HTTP requests until a patch is available. Restrict access to the Web Help Desk web server to minimize the risk of exploitation. Avoid using user-supplied URLs for uploading data to the server.
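
One way to confirm that disabling PUT and DELETE took effect, and to spot earlier requests the server accepted, is to audit the web server access log for those methods and the status codes returned. The Python below is an added example, not vendor code; it assumes access logs in Common Log Format, and the sample lines, addresses and paths are constructed.

```python
import re
from collections import Counter

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
RISKY = {"PUT", "DELETE"}  # the two methods named in the advisory

# Constructed sample lines (documentation IP ranges, placeholder paths).
SAMPLE_LOG = """\
192.0.2.10 - - [07/Jan/2022:10:00:01 +0000] "GET /app/ HTTP/1.1" 200 5120
198.51.100.7 - - [07/Jan/2022:10:00:05 +0000] "PUT /app/test.txt HTTP/1.1" 201 0
198.51.100.7 - - [07/Jan/2022:10:00:09 +0000] "DELETE /app/test.txt HTTP/1.1" 204 0
192.0.2.44 - - [07/Jan/2022:10:02:30 +0000] "PUT /app/x HTTP/1.1" 405 0
192.0.2.44 - - [07/Jan/2022:10:02:31 +0000] "DELETE /app/x HTTP/1.1" 403 0
malformed line without a request
"""

def audit(log_text):
    """Return (accepted, rejected, unparsed) for PUT/DELETE requests.

    accepted: answered with a status below 400 (method still enabled)
    rejected: answered with 4xx/5xx (e.g. 405 once the method is disabled)
    unparsed: count of lines that did not match the assumed log format
    """
    accepted, rejected, unparsed = [], [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = CLF.match(line)
        if m is None:
            unparsed += 1  # surface these; do not silently skip them
            continue
        if m["method"] not in RISKY:
            continue
        rec = (m["host"], m["method"], m["path"], int(m["status"]))
        (accepted if rec[3] < 400 else rejected).append(rec)
    return accepted, rejected, unparsed

if __name__ == "__main__":
    ok, blocked, bad = audit(SAMPLE_LOG)
    for host, method, path, status in ok:
        print(f"ACCEPTED {method} {path} from {host} -> {status}")
    print("rejected by status:", dict(Counter(r[3] for r in blocked)))
    print("unparsed lines:", bad)
```

Any entry in the accepted list after the mitigation date means the method is still reachable on that path and the restriction should be rechecked.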

Fix

Weakness Enumeration

Related Identifiers

CVE-2021-35243

Affected Products

Web Help Desk