Re: http TRACE option

From: Campbell Murray (electronichacker@googlemail.com)
Date: Mon Jan 21 2008 - 10:31:04 EST

• Next message: Chris McNab: "Re: http TRACE option"
• Previous message: Jason Thompson: "Re: Oracle URL SQL Injection issue"
• In reply to: pentestr: "http TRACE option"
• Next in thread: Chris McNab: "Re: http TRACE option"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

http://en.wikipedia.org/wiki/Cross-site_tracing

http://www.kb.cert.org/vuls/id/867593

Campbell

On 17/01/2008, pentestr <pentestr@gmail.com> wrote:
> Hi,
> what is the issue if TRACE option is enabled in web servers ? Nessus
> results always display it as warning.
> any idea...
>
> Thanks in advance.
> Rgds.
> P.T.
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Chris McNab: "Re: http TRACE option"
• Previous message: Jason Thompson: "Re: Oracle URL SQL Injection issue"
• In reply to: pentestr: "http TRACE option"
• Next in thread: Chris McNab: "Re: http TRACE option"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:20 EDT