Test ID:	11213
Category:	Web application abuses
Title:	HTTP Debugging Methods (TRACE/TRACK) Enabled
Summary:	Debugging functions are enabled on the remote web server.;; The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK; are HTTP methods which are used to debug web server connections.
Description:	Summary: Debugging functions are enabled on the remote web server. The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. Vulnerability Insight: It has been shown that web servers supporting this methods are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in conjunction with various weaknesses in browsers. Vulnerability Impact: An attacker may use this flaw to trick your legitimate web users to give him their credentials. Affected Software/OS: Web servers with enabled TRACE and/or TRACK methods. Solution: Disable the TRACE and TRACK methods in your web server configuration. Please see the manual of your web server or the references for more information. CVSS Score: 5.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Cross-Ref:	BugTraq ID: 9506 BugTraq ID: 9561 BugTraq ID: 11604 BugTraq ID: 15222 BugTraq ID: 33374 BugTraq ID: 37995 Common Vulnerability Exposure (CVE) ID: CVE-2003-1567 http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html http://www.aqtronix.com/Advisories/AQ-2003-02.txt CERT/CC vulnerability note: VU#288308 http://www.kb.cert.org/vuls/id/288308 http://www.osvdb.org/5648 Common Vulnerability Exposure (CVE) ID: CVE-2004-2320 http://dev2dev.bea.com/pub/advisory/68 CERT/CC vulnerability note: VU#867593 http://www.kb.cert.org/vuls/id/867593 http://www.securityfocus.com/bid/9506 http://www.osvdb.org/3726 http://www.securitytracker.com/alerts/2004/Jan/1008866.html http://secunia.com/advisories/10726 XForce ISS Database: weblogic-trace-xss(14959) https://exchange.xforce.ibmcloud.com/vulnerabilities/14959 Common Vulnerability Exposure (CVE) ID: CVE-2004-2763 http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html Common Vulnerability Exposure (CVE) ID: CVE-2005-3398 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102016-1 http://www.securityfocus.com/bid/15222 http://www.vupen.com/english/advisories/2005/2226 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1445 http://securitytracker.com/id?1015112 http://secunia.com/advisories/17334 Common Vulnerability Exposure (CVE) ID: CVE-2010-0386 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1
Copyright	This script is Copyright (C) 2003 E-Soft Inc.

This is only one of 68714 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: