GEN:SID | 1:2056 |
Message | WEB-MISC TRACE attempt |
Summary | This event is generated when an HTTP request using the TRACE method is sent to a web server. A server that honours TRACE echoes the request back to the client, which can be abused to disclose information (Cross Site Tracing).
|
Impact | Possible disclosure of information, in particular session cookies and HTTP authentication credentials carried in request headers.
|
Detailed Information | The TRACE method is a diagnostic tool: the server returns the request it received, headers included, as the body of the response (Content-Type message/http), so a client can see exactly what arrived after any intermediate proxies. Because a browser automatically attaches cookies and HTTP authentication headers to every request it sends, including a TRACE request, the echoed body contains them. Combined with a second weakness, typically a cross-site scripting flaw or a browser or plugin that lets client-side script issue a TRACE request and read the response, an attacker can recover that authentication data and those cookies even where script is not allowed to read them directly.
This is known as a Cross Site Tracing (XST) attack. Note that current browsers refuse to issue TRACE from script, so the attack depends on the client as much as on the server; a server that still honours TRACE nevertheless removes one layer of defence and is the condition this rule reports.
|
Affected Systems | All platforms running a webserver that responds to the TRACE method.
|
Attack Scenarios | The attacker needs to get a TRACE request sent to a vulnerable server from the victim's browser and to read the echoed response, usually through client-side script injected via a cross-site scripting flaw. A TRACE request sent directly from the attacker's own host only confirms that the server honours the method; it does not carry the victim's credentials.
|
Ease of Attack | Simple
|
Corrective Action | Disable the webserver from responding to TRACE requests (for Apache, TraceEnable off; otherwise reject the method at the server or a front-end proxy so that TRACE returns 405 Method Not Allowed). Verify by sending a TRACE request manually and confirming that the response no longer echoes the request.
|
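Added example for this rule page (illustration code written here, not Snort rule code or any vendor's code): what a TRACE echo actually leaks, the request-line check the rule expresses, and the response a fixed server returns. Every HTTP message below is a constructed sample; the host name, cookie value and credentials are made up.

```python
"""What a TRACE echo leaks, and how a TRACE request is detected.

Added example for this rule page, not Snort code or any vendor's code.
All HTTP messages are constructed samples.
"""

from typing import Dict, List, Tuple

# Constructed sample: a TRACE request as a victim's browser would send it when
# forced by attacker script. The browser attaches the session cookie and the
# Basic-auth header itself; script normally cannot read either of them.
SAMPLE_TRACE_REQUEST = (
    b"TRACE / HTTP/1.1\r\n"
    b"Host: www.example.com\r\n"
    b"Cookie: SESSIONID=abc123\r\n"
    b"Authorization: Basic dXNlcjpwYXNz\r\n"
    b"\r\n"
)

# Constructed sample: a server that honours TRACE (RFC 2616 section 9.8)
# reflects the request it received as a message/http entity body.
SAMPLE_TRACE_RESPONSE = b"".join([
    b"HTTP/1.1 200 OK\r\n",
    b"Content-Type: message/http\r\n",
    b"Content-Length: %d\r\n" % len(SAMPLE_TRACE_REQUEST),
    b"\r\n",
    SAMPLE_TRACE_REQUEST,
])

# Constructed sample: the same request after TRACE has been disabled.
SAMPLE_DISABLED_RESPONSE = (
    b"HTTP/1.1 405 Method Not Allowed\r\n"
    b"Allow: GET, HEAD, POST\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)

# Constructed sample traffic for the detection check (one request per entry).
SAMPLE_TRAFFIC = [
    b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n",
    SAMPLE_TRACE_REQUEST,
    b"trace /login HTTP/1.0\r\nHost: www.example.com\r\n\r\n",  # unusual casing
    b"POST /form HTTP/1.1\r\nHost: www.example.com\r\nContent-Length: 0\r\n\r\n",
]

# Request headers whose reflection would hand the attacker a session.
SENSITIVE_HEADERS = ("cookie", "authorization", "proxy-authorization")


def parse_http_message(raw: bytes) -> Tuple[str, Dict[str, str], bytes]:
    """Split a request or response into start line, header map and body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def is_trace_request(raw: bytes) -> bool:
    """Detection logic of the rule: the request's method token is TRACE.
    The comparison is case-insensitive so that odd casing is still reported;
    an IDS should err on the side of alerting here."""
    start_line, _, _ = parse_http_message(raw)
    method = start_line.split(" ", 1)[0]
    return method.upper() == "TRACE"


def alerts(traffic: List[bytes]) -> List[int]:
    """Indices of the requests in `traffic` that would fire this rule."""
    return [i for i, req in enumerate(traffic) if is_trace_request(req)]


def echoed_sensitive_headers(response: bytes) -> List[str]:
    """Vulnerability check: if the server reflected the request, return the
    sensitive request headers that came back in the response body. An empty
    list means nothing was echoed (e.g. the server answered 405)."""
    status_line, headers, body = parse_http_message(response)
    parts = status_line.split(" ")
    if len(parts) < 2 or parts[1] != "200":
        return []
    if headers.get("content-type", "").lower() != "message/http":
        return []
    _, echoed, _ = parse_http_message(body)
    return [h for h in SENSITIVE_HEADERS if h in echoed]


if __name__ == "__main__":
    print("requests that fire the rule:", alerts(SAMPLE_TRAFFIC))
    print("leaked by echo:", echoed_sensitive_headers(SAMPLE_TRACE_RESPONSE))
    print("leaked after fix:", echoed_sensitive_headers(SAMPLE_DISABLED_RESPONSE))
```

Against a live server the same check is a TRACE request carrying a Cookie header followed by echoed_sensitive_headers on the raw reply; a fixed server answers 405 (or 501) and the function returns an empty list.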
Additional References | CERT: http://www.kb.cert.org/vuls/id/867593
Nessus: http://cgi.nessus.org/plugins/dump.php3?id=11213
RFC: http://www.ietf.org/rfc/rfc2616.txt
|
Rule References | bugtraq: 9561
nessus: 11213
url: www.whitehatsec.com/press_releases/WH-PR-20030120.pdf
|