Penetration Testing mailing list archives

Re: http TRACE option

From: "Campbell Murray" <electronichacker () googlemail com>
Date: Mon, 21 Jan 2008 15:31:04 +0000

http://en.wikipedia.org/wiki/Cross-site_tracing

http://www.kb.cert.org/vuls/id/867593

Campbell

On 17/01/2008, pentestr <pentestr () gmail com> wrote:

Hi,
what is the issue if TRACE option is enabled in web servers ? Nessus
results always display it as warning.
any idea...

Thanks in advance.
Rgds.
P.T.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Current thread:

http TRACE option pentestr (Jan 18)
- Re: http TRACE option jeffrey rivero (Jan 22)
- Re: http TRACE option Tim (Jan 22)
- Re: http TRACE option Florencio Cano (Jan 22)
- Re: http TRACE option Campbell Murray (Jan 22)
- Re: http TRACE option Chris McNab (Jan 22)
- RE: http TRACE option Maxime Ducharme (Jan 22)
- Re: http TRACE option Gleb Paharenko (Jan 22)
- Re: http TRACE option Alexander Bondarenko (Jan 22)
- Re: http TRACE option José M. Palazón Romero (Jan 22)
- Re: http TRACE option rajat swarup (Jan 22)
- RE: http TRACE option benoni.martin (Jan 22)
- Re: http TRACE option Bipin Upadhyay (Jan 22)
- Re: http TRACE option Trancer (Jan 22)