May 12, 2021
RE: HTTP OPTIONS Method Enabled and Implications for INSIGHT DLP Appliances
Dear INSIGHT Appliance Customer:
As you may be aware, some vulnerability scanning tools may indicate HTTP OPTIONS Method Enabled as a vulnerability/exploit for the INSIGHT Appliances. The summary of this potential security vulnerability is that web servers that respond to the OPTIONS HTTP method expose what other methods are supported by the web server, allowing attackers to narrow and intensify their efforts. Please note that this vulnerability/exploit does not affect INSIGHT Appliances, as INSIGHT Appliances webUI does not expose any other methods. The OPTIONS method is a diagnostic method, which returns a message useful for debugging.
The INSIGHT Development team will however continue to evaluate the “HTTP OPTIONS Method Enabled” potential vulnerabilities and if any further action or updates/patches are required to resolve any issues, then the update/patch will be included in a future IDACT update. At this time no further action will be taken.
If you have any questions or concerns, please contact the INSIGHT Support Team.
INSIGHT Support Team