Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1999
  • Last Modified:

TRACE / TRACK vulnerability testing

I have Apache httpd server (version 2.2.3) running and our security team has asked that we lock it down to  TRACE and TRACK vulnerabilities.   i have read that i can use "TraceEnable off" to turn it off, but how do i test before and after to see that it really is an issue and that it is fixed after i make the change?
how do i test it and what should i see as the result?
Also, we redirect all http traffic to https, so is this still an issue?

thanks in advance for you help.  
0
nohurt
Asked:
nohurt
1 Solution
 
ahoffmannCommented:
> .. but how do i test
simply use telnet as follows

telnet your.server.tld 80
TRACE / HTTP/1.0


> .. what should i see
something like follows:

HTTP/1.1 200 OK
Date: Fri, 03 Apr 2009 00:42:42 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0


> Also, we redirect all http traffic to https, so is this still an issue?
yes
but if you disable TRACE then it should be disabled for both protocols.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now