Good question. Probably a medium warning that there is broken browsers
who can misunderstand the results of TRACE..
You can always disable TRACE to be on the safe side.. it is not a
method normally used.
acl TRACE method TRACE
http_access deny TRACE
I have not idea how to even invoke a TRACE from a browser. Have only
seen it done with special purpose tools..
Regards
Henrik
On Friday 07 March 2003 14.48, Victor Jose Hernandez Gomez wrote:
> Hi,
>
> We are using nessus, as a helper app to look for vulnerabilities in
> our network. The last version of nessus has shown the warning you
> will find in the next lines, attached to the port squid is
> listening to, żdo you know if it may represent a vulnerability or
> it is just a false positive? I am not very sure, as TRACE is not
> normaly used.
>
> Thank you for your help,
Received on Fri Mar 07 2003 - 11:04:43 MST
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:13:57 MST