Web Frameworks Provide A Way To Override The HTTP Method (Doc ID 3007238.1)

Last updated on MARCH 25, 2024

Applies to:

Oracle Utilities Customer Care and Billing - Version 2.8.0.0.0 and later
Oracle Utilities Framework - Version 4.4.0.3.0 and later
Information in this document applies to any platform.

Goal

Web frameworks provide a way to override the HTTP method.

In order to protect access to various resources, web servers may be configured to prevent the usage of specific HTTP verbs.

However, some web frameworks provide a way to override the HTTP method in the request by supplying specific HTTP request headers. This feature is typically used when a web or proxy server restricts certain verbs but the application needs to use them, especially in RESTful services. A malicious user can take advantage of this feature to bypass HTTP verb restrictions implemented on a server. Doing so may allow the attacker to perform unintended actions on protected resources in the web application.
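
The gap described above, as an added example that is not part of the Oracle document and is not its solution: a verb check that reads only the request line, beside one that also applies the policy to any override header. The header names, the blocked-verb list and the sample requests are assumptions constructed for illustration.

```python
"""Verb-restriction check that accounts for method-override headers."""

# Assumption: widely used override header conventions; the page names none.
OVERRIDE_HEADERS = ("x-http-method-override", "x-http-method", "x-method-override")
# Constructed example policy: verbs the server is meant to refuse.
BLOCKED_VERBS = frozenset({"PUT", "DELETE", "PATCH", "TRACE"})


def override_values(headers):
    """Return every verb named by an override header, upper-cased."""
    return [v.strip().upper() for k, v in headers.items()
            if k.strip().lower() in OVERRIDE_HEADERS]


def naive_gate(method, headers):
    """Weak check: looks only at the verb on the request line."""
    return method.upper() not in BLOCKED_VERBS


def hardened_gate(method, headers):
    """Apply the policy to the wire verb and to every override value.

    Returns (allowed, reason) so the caller can log refusals.
    """
    if method.upper() in BLOCKED_VERBS:
        return False, "blocked verb on request line"
    for verb in override_values(headers):
        if verb in BLOCKED_VERBS:
            return False, "blocked verb in override header: " + verb
    return True, "ok"


# Constructed sample requests: (wire verb, headers).
SAMPLES = [
    ("GET", {"Accept": "application/json"}),
    ("DELETE", {}),
    ("POST", {"X-HTTP-Method-Override": "delete"}),
    ("POST", {"x-method-override": " PUT "}),
    ("POST", {"X-HTTP-Method-Override": "GET"}),
]


def policy_gaps(samples):
    """Indexes of requests the naive check passes but the hardened one refuses."""
    return [i for i, (m, h) in enumerate(samples)
            if naive_gate(m, h) and not hardened_gate(m, h)[0]]


if __name__ == "__main__":
    for i in policy_gaps(SAMPLES):
        print("gap:", SAMPLES[i], hardened_gate(*SAMPLES[i])[1])
```

Running the same comparison over real access logs that record request headers shows where a front-end verb restriction and the application's effective method disagree.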

Solution

To view full details, sign in with your My Oracle Support account.
