Many URL authentication and authorization mechanisms make security
decisions based on the HTTP verb in the request. Many of these
mechanisms work in a counter-intuitive way. This fact, in combination
with some oddities in the way that both web and application servers
handle unexpected HTTP verbs, causes the rules dictated by those
mechanisms to be bypassable.
This article discusses this vulnerability in detail, along with how the various vendors are affected. What do you think about this attack? Do you think we should be concerned?
The link to this article at webappsec is no longer available.
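
The behaviour summarised above can be reproduced in a small model. This is an added example, not code from the article or from any vendor. It assumes a rule that protects only the verbs it lists and a handler that serves every verb other than POST as a read, and it compares that rule with a default-deny version. All names, paths and verbs in it are constructed.

```python
from dataclasses import dataclass

# Constructed model of verb-based URL authorization; not any vendor's implementation.
@dataclass(frozen=True)
class Rule:
    path_prefix: str
    verbs: frozenset   # verbs the rule names
    role: str          # role required when the rule applies

RULES = [Rule("/admin/", frozenset({"GET", "POST"}), "admin")]
KNOWN_VERBS = frozenset({"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS"})
PROBE_VERBS = ["GET", "POST", "HEAD", "FOO"]  # constructed audit input

def weak_authorize(verb, path, roles):
    """Assumed weak semantics: a rule applies only to the verbs it lists."""
    for rule in RULES:
        if path.startswith(rule.path_prefix) and verb in rule.verbs:
            return rule.role in roles
    return True  # no rule matched, so the request passes without a role check

def strict_authorize(verb, path, roles):
    """Default-deny: unknown verbs are rejected, and a rule covers its path for every verb."""
    if verb not in KNOWN_VERBS:
        return False
    for rule in RULES:
        if path.startswith(rule.path_prefix):
            return rule.role in roles
    return True

def dispatch(verb, path):
    """Assumed handler oddity: anything that is not POST is served like a read."""
    return "form submitted" if verb == "POST" else f"contents of {path}"

def handle(authorize, verb, path, roles=frozenset()):
    """Run the access check, then the handler; returns (status, body)."""
    if not authorize(verb, path, roles):
        return 403, ""
    return 200, dispatch(verb, path)

def audit(authorize, path, verbs):
    """Return the verbs for which an anonymous request reaches the handler."""
    return [v for v in verbs if handle(authorize, v, path)[0] == 200]

if __name__ == "__main__":
    for name, check in (("weak", weak_authorize), ("strict", strict_authorize)):
        print(name, audit(check, "/admin/users", PROBE_VERBS))
```

An audit like this, run against every protected path with both listed and unlisted verbs, shows whether an access rule fails open.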