Hi
While checking the application's security, we found that the POST Servlet is exposed, which allows an anonymous user to add a jcr:node:

POST /.json;%0AKPI.css HTTP/2
Host: <domain>
User-Agent: curl/7.30.0
Accept-Encoding: gzip, deflate
Accept: */*
Content-Type: application/x-www-form-urlencoded
Referer: <domain>
Content-Length: 14

:operation=nop

We have just used the NOP operation to prove it's exposed; an attacker can use any other operation here.
What's the best possible way to restrict it without impacting the running application?
Thanks,
Rajendra
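
Before a deny rule goes in, it helps to know which POST requests of this shape already reach the server, so legitimate form posts are not blocked along with it. The following is an added example, not part of the original post: it scans access-log lines for POSTs whose path carries a `;` path parameter, an encoded control character, or a static-file extension, as the request above does. The combined-log-style format, the extension list and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumed log format: the request is logged as "METHOD target HTTP/x.y".
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# Assumed list of extensions that should never receive a POST.
STATIC_EXT_RE = re.compile(r'\.(css|js|png|gif|jpg|ico)$', re.I)

def classify(line):
    """Return the reasons a log line resembles the request in the post."""
    m = REQUEST_RE.search(line)
    if not m or m.group("method") != "POST":
        return []
    path = m.group("target").split("?", 1)[0]
    decoded = unquote(path)
    reasons = []
    if ";" in path:                               # e.g. /.json;...
        reasons.append("path-parameter")
    if any(ord(c) < 0x20 for c in decoded):       # e.g. %0A
        reasons.append("encoded-control-char")
    if STATIC_EXT_RE.search(decoded):             # e.g. ...KPI.css
        reasons.append("post-to-static-extension")
    return reasons

def scan(lines):
    """Return [(line_number, reasons)] for every flagged POST."""
    return [(n, r) for n, line in enumerate(lines, 1) if (r := classify(line))]

# Constructed sample log lines (not taken from any real system).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /content/site/en.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "POST /.json;%0AKPI.css HTTP/2.0" 200 42',
    '203.0.113.9 - - [01/Jan/2024:10:00:02 +0000] "POST /content/site/en/contact.form.html HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /etc.clientlibs/site/clientlibs/base.css HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, reasons in scan(SAMPLE):
        print(f"line {n}: {', '.join(reasons)}")
```

POST paths that are never flagged over a representative log window are the ones a restriction has to keep working.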