Re: [squid-users] nessus warning

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Fri, 7 Mar 2003 19:07:53 +0100

Good question. Probably a medium warning that there is broken browsers
who can misunderstand the results of TRACE..

You can always disable TRACE to be on the safe side.. it is not a
method normally used.

acl TRACE method TRACE
http_access deny TRACE

I have not idea how to even invoke a TRACE from a browser. Have only
seen it done with special purpose tools..

Regards
Henrik

On Friday 07 March 2003 14.48, Victor Jose Hernandez Gomez wrote:
> Hi,
>
> We are using nessus, as a helper app to look for vulnerabilities in
> our network. The last version of nessus has shown the warning you
> will find in the next lines, attached to the port squid is
> listening to, żdo you know if it may represent a vulnerability or
> it is just a false positive? I am not very sure, as TRACE is not
> normaly used.
>
> Thank you for your help,
Received on Fri Mar 07 2003 - 11:04:43 MST

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:57 MST