Solved

TRACE / TRACK vulnerability testing

Posted on 2009-04-02
Last Modified: 2012-05-06
I have Apache httpd server (version 2.2.3) running and our security team has asked that we lock it down to TRACE and TRACK vulnerabilities. I have read that I can use "TraceEnable off" to turn it off, but how do I test before and after to see that it really is an issue and that it is fixed after I make the change?
How do I test it and what should I see as the result?
Also, we redirect all http traffic to https, so is this still an issue?

Thanks in advance for your help.
Question by:nohurt

Accepted Solution

by:
ahoffmann earned 125 total points
ID: 24057840
> .. but how do i test
Simply use telnet as follows:

telnet your.server.tld 80
TRACE / HTTP/1.0


> .. what should i see
Something like the following:

HTTP/1.1 200 OK
Date: Fri, 03 Apr 2009 00:42:42 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0


> Also, we redirect all http traffic to https, so is this still an issue?
Yes, but if you disable TRACE then it should be disabled for both protocols.
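The telnet check from the answer above, scripted so it can be run before and after the change and on both the HTTP and HTTPS ports. This is an added example, not part of the original answer; the `build_request`, `classify` and `probe` names, the handling of 403/501 and the sample responses are assumptions constructed here.

```python
import socket
import ssl
import sys

def build_request(host):
    # Same request as the telnet test, plus a Host header for virtual hosts.
    return f"TRACE / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")

def classify(raw):
    """Return 'enabled', 'disabled' or 'inconclusive' for a raw TRACE response."""
    text = raw.replace(b"\r\n", b"\n").decode("latin-1")
    head, _, body = text.partition("\n\n")
    lines = head.split("\n")
    parts = lines[0].split()
    if len(parts) < 2 or not parts[1].isdigit():
        return "inconclusive"
    status = int(parts[1])
    ctype = ""
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "content-type":
            ctype = value.strip().lower()
    # An enabled server answers 200 and echoes the request as message/http.
    if status == 200 and (ctype.startswith("message/http") or body.lstrip().startswith("TRACE ")):
        return "enabled"
    # Apache answers 405 with "TraceEnable off"; 403/501 are common for other blocks.
    if status in (403, 405, 501):
        return "disabled"
    return "inconclusive"  # e.g. a redirect: repeat the probe on the HTTPS port

def probe(host, port=80, use_tls=False, timeout=5.0):
    with socket.create_connection((host, port), timeout=timeout) as raw_sock:
        sock = raw_sock
        if use_tls:
            sock = ssl.create_default_context().wrap_socket(raw_sock, server_hostname=host)
        sock.sendall(build_request(host))
        data = b""
        while chunk := sock.recv(4096):  # HTTP/1.0: server closes when done
            data += chunk
    return classify(data)

# Constructed samples: the first mirrors the response shown in the answer above.
SAMPLE_ENABLED = (b"HTTP/1.1 200 OK\r\nServer: Apache\r\nConnection: close\r\n"
                  b"Content-Type: message/http\r\n\r\nTRACE / HTTP/1.0\r\n\r\n")
SAMPLE_DISABLED = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET,HEAD,POST,OPTIONS\r\n\r\n"

if __name__ == "__main__":
    for port, tls in ((80, False), (443, True)):
        print(port, probe(sys.argv[1], port, tls))
```

Run it with the server name as the only argument, once before and once after adding `TraceEnable off`; the result for each port should change from `enabled` to `disabled`.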