Description

HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.

Remediation

Disable TRACE Method on the web server.

References

W3C - RFC 2616

US-CERT VU#867593

Cross-site tracing (XST)

Related Vulnerabilities

WordPress Plugin Wholesale Market Arbitrary File Download (2.2.0)

[Possible] Database Connection String Detected

Craft CMS Development Mode enabled

WordPress Plugin WordPress renaming tool by Vlajo Arbitrary File Download (1.0)

WordPress Plugin WP Online Store Local File Include and Multiple File Disclosure Vulnerabilities (1.3.1)

Severity

Low

Classification

CWE-489 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure