TRACK method is enabled

Description

HTTP TRACK method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACK method. Additionally, IIS 5 does not log requests made with TRACK method.

Remediation

Disable TRACK Method on the web server.

References
Severity
Classification
Tags
  • Configuration