How to Disable TRACE Method on Apache
Posted: 31. January 2007 03:05The Vulnerability Scanner Software said:
HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.
The impact of this vulnerability
Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.
But who knows how to Disable TRACE Method ?
HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.
The impact of this vulnerability
Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data.
But who knows how to Disable TRACE Method ?