Nmap Development mailing list archives

Re: NSE Script http-methods.nse


From: David Fifield <david () bamsoftware com>
Date: Tue, 23 Feb 2010 09:40:32 -0700

On Tue, Feb 23, 2010 at 02:00:28PM +0100, Patrik Karlsson wrote:
> I just ran the script against an IIS 6.0 of mine and noticed that it wasn't detecting PUT which I had enabled.
> The reason for this is that PUT appears in the Public HTTP header rather than in the Allow header.
>
> In my case the response to the OPTIONS request looks like this:
> HTTP/1.1 200 OK
> Connection: close
> Date: Tue, 23 Feb 2010 12:45:47 GMT
> Server: Microsoft-IIS/6.0
> X-Powered-By: ASP.NET
> MS-Author-Via: DAV
> Content-Length: 0
> Accept-Ranges: none
> DASL: <DAV:sql>
> DAV: 1, 2
> Public: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH
> Allow: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK
> Cache-Control: private
>
> Here's some more info on the Public header:
> http://www.w3.org/Protocols/HTTP/Object_Headers.html#public
>
> Maybe the contents of the Public and Allow headers should be merged?

RFC 2616, the definition of HTTP/1.1, says in section 19.6.3,

        The Alternates, Content-Version, Derived-From, Link, URI, Public
        and Content-Base header fields were defined in previous versions
        of this specification, but not commonly implemented. See RFC 2068.

RFC 2068, which is an earlier draft of RFC 2616, says this about Public
in section 14.35

        The Public response-header field lists the set of methods
        supported by the server. The purpose of this field is strictly to
        inform the recipient of the capabilities of the server regarding
        unusual methods. The methods listed may or may not be applicable
        to the Request-URI; the Allow header field (section 14.7) MAY be
        used to indicate methods allowed for a particular URI.

So yes, I think it's a good idea to merge the fields. It should have a
comment saying that Public was withdrawn in RFC 2616, but is implemented
by at least IIS 6.0.

Out of curiosity, what does this server return for the request

OPTIONS * HTTP/1.0

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
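
An added example, not part of the message above or of http-methods.nse: one way to merge the Allow and Public fields as the thread proposes, written in Python rather than the script's Lua. The function names are illustrative, and the sample is abridged from the IIS 6.0 response quoted in the message.

```python
# Added example: Python rather than the NSE script's Lua; all names are illustrative.
# Abridged from the OPTIONS response quoted in the message above.
SAMPLE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    "Public: OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, MKCOL, "
    "PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH\r\n"
    "Allow: OPTIONS, TRACE, GET, HEAD, COPY, PROPFIND, SEARCH, LOCK, UNLOCK\r\n"
    "Cache-Control: private\r\n\r\n"
)


def parse_headers(raw):
    """Map lowercased header names to their values from a raw response head."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers, last = {}, None
    for line in head.split("\n")[1:]:            # skip the status line
        if line[:1] in (" ", "\t") and last:     # obsolete folded continuation
            headers[last][-1] += " " + line.strip()
            continue
        name, sep, value = line.partition(":")
        if sep:
            last = name.strip().lower()
            headers.setdefault(last, []).append(value.strip())
    return headers


def merged_methods(raw):
    """Return {method: [source fields]} merged from Allow and Public.

    Public was withdrawn in RFC 2616 but is sent by at least IIS 6.0.
    Allow describes the Request-URI; Public describes the server as a whole.
    """
    merged = {}
    for field in ("allow", "public"):
        for value in parse_headers(raw).get(field, []):
            for token in value.split(","):
                method = token.strip()           # method names are case-sensitive
                if method and field not in merged.setdefault(method, []):
                    merged[method].append(field)
    return merged


def public_only(raw):
    """Methods that a check reading only Allow would miss."""
    return [m for m, src in merged_methods(raw).items() if src == ["public"]]


if __name__ == "__main__":
    print("merged:", ", ".join(merged_methods(SAMPLE)))
    print("only in Public:", ", ".join(public_only(SAMPLE)))
```

Keeping the source field beside each method lets a report distinguish what the server advertises in general (Public) from what it allows for the requested URI (Allow).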

