Portal for ArcGIS accepts HTTP 'PUT' and 'DELETE' requests, which can be considered as a security issue.
Last Published: March 6, 2015ArcGIS for Server
Bug ID Number
February 20, 2015
February 15, 2023
ArcGIS for Server
Operating System Version
2008 R2 64 Bit
After review by the development team, it has been determined that this issue is related to a known limitation with the software that lies outside of Esri's control. The issue's Additional Information section may contain further explanation.
This issue is addressed in Portal version 10.2.1 and later.
As documented, access Portal for ArcGIS via the web adaptor. In the case of IIS, the verbs 'put' and 'delete' are disabled by default, thus remediating this issue.