TRACK method is enabled

Description
  • HTTP TRACK method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACK method. Additionally, IIS 5 does not log requests made with TRACK method.
Remediation
  • Disable TRACK Method on the web server.
References