Description
HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.
Remediation
Disable TRACE Method on the web server.
References
Related Vulnerabilities
WordPress Plugin Health Check & Troubleshooting Arbitrary File Disclosure (1.2.3)
WordPress Plugin WebP Express Arbitrary File Disclosure (0.14.10)
Apache Tomcat version older than 7.0.21
Cookies with Secure flag set over insecure connection
WordPress Plugin Eshop Magic Arbitrary File Disclosure (0.1)