Description:
Summary: Debugging functions are enabled on the remote web server.
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections.
Vulnerability Insight: It has been shown that web servers supporting these methods are subject to cross-site scripting attacks, dubbed XST for Cross-Site Tracing, when used in conjunction with various weaknesses in browsers.
Vulnerability Impact: An attacker may use this flaw to trick your legitimate web users into giving him their credentials.
Affected Software/OS: Web servers with enabled TRACE and/or TRACK methods.
Solution: Disable the TRACE and TRACK methods in your web server configuration.
Please see the manual of your web server or the references for more information.