Description

HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.

Remediation

Disable TRACE Method on the web server.

References

W3C - RFC 2616

US-CERT VU#867593

Cross-site tracing (XST)

Related Vulnerabilities

WordPress Plugin Timetable and Event Schedule by MotoPress Information Disclosure (2.3.19)

WordPress Plugin Media Library Assistant Information Disclosure (3.00)

WordPress Plugin User Profile Picture Information Disclosure (2.4.0)

WordPress Plugin SiteGuard WP Information Disclosure (1.7.6)

Mojolicious weak secret key

Severity

Low

Classification

CWE-489 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure