Configuration Medium Arbitrary file uploads could affect application or system integrity. This could occur if an attacker were to overwrite a resource pre-existing on the server. The server configuration settings should be reviewed to identify and disable the misconfiguration. Apache allows for methods such as PUT and DELETE to be restricted using the LIMIT directive. The HTTP PUT method was designed to allow HTTP clients to store resources on a HTTP server. In implementations, this has typically meant file upload capability. As the HTTP RFC states that a server should overwrite pre-existing resources located at the URI of a PUT request, a loss of system or application integrity could occur if such a request were made. RFC 2616 - HTTP 1.1: Section 9 (IETF) Apache httpd Core Documentation: Limit Directive (Apache) OSVDB 397: Multiple Web Server Dangerous HTTP Method PUT (OSVDB)