Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

TRACE / TRACK vulnerability testing

Posted on 2009-04-02
1
Medium Priority
?
1,993 Views
Last Modified: 2012-05-06
I have Apache httpd server (version 2.2.3) running and our security team has asked that we lock it down to  TRACE and TRACK vulnerabilities.   i have read that i can use "TraceEnable off" to turn it off, but how do i test before and after to see that it really is an issue and that it is fixed after i make the change?
how do i test it and what should i see as the result?
Also, we redirect all http traffic to https, so is this still an issue?

thanks in advance for you help.  
0
Comment
Question by:nohurt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 51

Accepted Solution

by:
ahoffmann earned 375 total points
ID: 24057840
> .. but how do i test
simply use telnet as follows

telnet your.server.tld 80
TRACE / HTTP/1.0


> .. what should i see
something like follows:

HTTP/1.1 200 OK
Date: Fri, 03 Apr 2009 00:42:42 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0


> Also, we redirect all http traffic to https, so is this still an issue?
yes
but if you disable TRACE then it should be disabled for both protocols.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: kevp75
Hey folks, 'bout time for me to come around with a little tip. Thanks to IIS 7.5 Extensions and Microsoft (well... really Windows 8, and IIS 8 I guess...), we can now prime our Application Pools, when IIS starts. Now, though it would be nice t…
Introduction This article explores the design of a cache system that can improve the performance of a web site or web application.  The assumption is that the web site has many more “read” operations than “write” operations (this is commonly the ca…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
Suggested Courses
Course of the Month9 days, 11 hours left to enroll

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question