Re: http TRACE option

From: Florencio Cano (florencio.cano@gmail.com)
Date: Tue Jan 22 2008 - 07:51:58 EST


> what is the issue if TRACE option is enabled in web servers ?

Here you have info about it:

"XST Strikes Back", Amit Klein, BugTraq posting, January
25th, 2006
http://www.securityfocus.com/archive/1/423028

"Cross Site Tracing", Jeremiah Grossman, WhiteHat Security
whitepaper, January 20th, 2003
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:20 EDT