| Test ID: | 11213 |
| Category: | CGI abuses : XSS |
| Title: | HTTP TRACE Method Enabled |
| Summary: | HTTP TRACE cross-site tracing (XST) attack |
| Description: | Synopsis : Debugging functions are enabled on the remote HTTP server. Description : The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods used to debug web server connections: the server echoes the request it received, headers included, back to the client. It has been shown that servers supporting these methods are subject to a cross-site scripting variant dubbed XST, for "Cross-Site Tracing", when used in conjunction with various browser weaknesses: if a page can be made to issue a TRACE request, the reflected request exposes cookies and HTTP authentication headers that script on the page could not otherwise read. An attacker may use this flaw to steal the credentials of legitimate users of the site. Solution : Disable these methods. See also : http://www.kb.cert.org/vuls/id/867593 Risk factor : Low / CVSS Base Score : 2 (AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N) |
| Cross-Ref: | BugTraq ID: 9506; BugTraq ID: 9561; BugTraq ID: 11604; Common Vulnerability Exposure (CVE) ID: CVE-2004-2320; http://dev2dev.bea.com/pub/advisory/68; CERT/CC vulnerability note: VU#867593 http://www.kb.cert.org/vuls/id/867593; http://www.securityfocus.com/bid/9506; http://www.osvdb.org/3726; http://www.securitytracker.com/alerts/2004/Jan/1008866.html; http://secunia.com/advisories/10726; XForce ISS Database: weblogic-trace-xss(14959) http://xforce.iss.net/xforce/xfdb/14959 |
| Copyright: | This script is Copyright (C) 2003 E-Soft Inc. |
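The check the description implies, as an added example that is not the E-Soft test script itself: it builds a TRACE (or TRACK) request, sends it over plain HTTP, and treats the server as vulnerable only when the response actually reflects the request (the `message/http` media type, or a body that echoes the request line and a marker header), so a server that answers 200 to every method is not reported as a false positive. The host names, the `X-XST-Probe` marker header and the sample responses are constructed for the example, not captured traffic.

```python
# Added example, not part of the original test script: send a TRACE (or TRACK)
# probe and decide from the response whether the server reflects the request.
# The sample responses below are constructed for offline use, not captured traffic.
import socket
from typing import Dict, Tuple

MARKER = "X-XST-Probe: 1"  # hypothetical header used to recognise our own echoed request


def build_trace_request(host: str, method: str = "TRACE") -> bytes:
    # TRACE/TRACK requests carry no body; a server that honours them replies
    # 200 with Content-Type: message/http and the request itself as the body.
    return (
        f"{method} / HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"{MARKER}\r\n"
        "Connection: close\r\n\r\n"
    ).encode("ascii")


def parse_response(raw: bytes) -> Tuple[int, Dict[str, str], bytes]:
    # Minimal HTTP/1.x response parser: status code, lower-cased headers, body.
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split(maxsplit=2)[1])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def trace_enabled(raw: bytes, method: str = "TRACE") -> bool:
    # A bare 200 is not enough: some servers answer 200 to any method with a
    # generic page.  Require either the message/http media type or a body that
    # starts with our request line and carries our marker header.
    status, headers, body = parse_response(raw)
    if status != 200:
        return False
    reflected = body.startswith(f"{method} / HTTP/1.1".encode()) and MARKER.encode() in body
    return headers.get("content-type", "").startswith("message/http") or reflected


def probe(host: str, port: int = 80, method: str = "TRACE", timeout: float = 5.0) -> bool:
    # Live check over plain HTTP (no TLS); returns True when the method is honoured.
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_trace_request(host, method))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return trace_enabled(b"".join(chunks), method)


# Constructed sample responses (not real captures).
_REQ = build_trace_request("example.test")
SAMPLE_ENABLED = (
    b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n"
    b"Content-Length: %d\r\n\r\n" % len(_REQ)
) + _REQ
SAMPLE_DISABLED = (
    b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD, POST\r\n"
    b"Content-Length: 0\r\n\r\n"
)
SAMPLE_GENERIC_200 = (
    b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nContent-Length: 13\r\n\r\n"
    b"<html></html>"
)

if __name__ == "__main__":
    for name, sample in (("enabled", SAMPLE_ENABLED), ("disabled", SAMPLE_DISABLED),
                         ("generic 200", SAMPLE_GENERIC_200)):
        print(f"{name}: TRACE honoured = {trace_enabled(sample)}")
```

Run `probe(host, method="TRACK")` as well as the default `TRACE` when scanning, since the advisory covers both. On Apache the fix is `TraceEnable off` in the server configuration; for other servers the method must be rejected (405) at the server or a front-end proxy, and the probe above confirms the change took effect.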