Hi,
We are using nessus, as a helper app to look for vulnerabilities in our
network. The last version of nessus has shown the warning you will find
in the next lines, attached to the port squid is listening to, ¿do you
know if it may represent a vulnerability or it is just a false positive?
I am not very sure, as TRACE is not normaly used.
Thank you for your help,
--
Centro de Informática y Comunicaciones
Universidad Pablo de Olavide, de Sevilla

--------------------------------------------------------------------
Your webserver supports the TRACE and/or TRACK methods. It has been shown
that servers supporting this method are subject to cross-site-scripting
attacks, dubbed XST for 'Cross-Site-Tracing', when used in conjunction
with various weaknesses in browsers.

An attacker may use this flaw to trick your legitimate web users to give
him their credentials.

Solution: Disable these methods. If you are using Apache, add the following
lines for each virtual host in your configuration file :

    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]

If you are using Microsoft IIS, use the URLScan tool to deny HTTP TRACE
requests or to permit only the methods needed to meet site requirements
and policy.

See http://www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
    http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0035.html
--------------------------------------------------------------------

Received on Fri Mar 07 2003 - 06:47:35 MST
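The question above (real finding or false positive?) is best settled by looking at what the server actually returns to a TRACE request rather than at the scanner's verdict. The script below is an added example written for this archive page; it is not code from the original poster, from Nessus or from the Squid project. A server that honours TRACE answers 200 with `Content-Type: message/http` and echoes the request back, so the check plants a custom header (`X-Trace-Probe`, a name chosen here) and looks for that exact echo, which keeps a 200 error page that merely mentions "TRACE" from being misread as a hit. The hostname `www.example.invalid` and all response samples are constructed, so the evaluation runs offline; `probe_trace()` is only for hosts you administer.

```python
"""Confirm or refute a TRACE/TRACK scanner finding from the server's own reply.

Added example, not part of the original mailing-list post. The response
samples are constructed; none were captured from a real host.
"""
import http.client
from typing import Mapping, Optional

# Header we send and expect to see echoed back. The name is an assumption
# chosen for this example; any unusual header works as a marker.
PROBE_HEADER = ("X-Trace-Probe", "nessus-recheck")
MARKER = f"{PROBE_HEADER[0]}: {PROBE_HEADER[1]}".encode()


def trace_honoured(status: int, headers: Mapping[str, str], body: bytes,
                   marker: bytes = MARKER) -> bool:
    """Return True only when the reply is a genuine TRACE echo.

    RFC 2616 s9.8: a successful TRACE is 200 with Content-Type message/http
    and the received request as the body. All three must hold; a 403 from
    the Apache RewriteRule [F] fix, a 405, or a 200 HTML page that happens
    to contain our marker text all count as "not honoured".
    """
    if status != 200:
        return False
    lowered = {k.lower(): v for k, v in headers.items()}
    if not lowered.get("content-type", "").lower().startswith("message/http"):
        return False
    # Case-insensitive match: some servers normalise header capitalisation.
    return marker.lower() in body.lower()


def probe_trace(host: str, port: int = 80, timeout: float = 5.0) -> Optional[bool]:
    """Send one TRACE request to a host you administer and evaluate the reply.

    Returns True (TRACE honoured), False (refused), or None (no connection).
    """
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={PROBE_HEADER[0]: PROBE_HEADER[1]})
        resp = conn.getresponse()
        body = resp.read()
        return trace_honoured(resp.status, dict(resp.getheaders()), body)
    except OSError:
        return None
    finally:
        conn.close()


# Constructed replies covering the cases an administrator will see.
ECHOED = (200, {"Content-Type": "message/http"},
          b"TRACE / HTTP/1.1\r\nHost: www.example.invalid\r\n"
          b"X-Trace-Probe: nessus-recheck\r\n\r\n")          # genuine echo
REFUSED = (405, {"Content-Type": "text/html", "Allow": "GET, HEAD, POST"},
           b"<html><body>Method Not Allowed</body></html>")  # method disabled
FORBIDDEN = (403, {"Content-Type": "text/html"},
             b"<html><body>Forbidden</body></html>")          # RewriteRule [F]
LOOKALIKE = (200, {"Content-Type": "text/html"},
             b"<p>TRACE is disabled.</p> X-Trace-Probe: nessus-recheck")  # not an echo


def classify_samples() -> dict:
    """Evaluate every constructed sample; used for the offline demonstration."""
    return {
        "echoed": trace_honoured(*ECHOED),
        "refused": trace_honoured(*REFUSED),
        "forbidden": trace_honoured(*FORBIDDEN),
        "lookalike": trace_honoured(*LOOKALIKE),
    }


if __name__ == "__main__":
    for name, hit in classify_samples().items():
        print(f"{name:10s} TRACE honoured: {hit}")
    # Live check against a host you run, e.g. probe_trace("www.example.invalid", 3128)
```

Run against the squid port Nessus flagged: a `True` means the request really is being answered (by squid itself or passed through to an origin server that answers it), a `False` means the scanner matched on something weaker than a real echo. If it is a true positive and squid is the one answering, squid's own method ACL (`acl TRACE method TRACE` followed by `http_access deny TRACE`, placed before the allow rules) is the equivalent of the Apache rewrite rule quoted in the finding.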