How to turn off the HTTP TRACE method to improve security

  • 2020-05-06 12:09:22
  • OfStack

A Nikto scan of the server reported that the HTTP TRACE method is enabled.
TRACE and TRACK are HTTP methods used for debugging web server connections.
Servers that support these methods are exposed to a cross-site scripting variant known as "Cross-Site-Tracing", often abbreviated to XST when describing various browser flaws.
Attackers can exploit this vulnerability to trick legitimate users into revealing their private information.

Solution: disable these methods.
Turn TRACE off by adding TraceEnable off to the configuration file httpd.conf.
