Solved

TRACE / TRACK vulnerability testing

Posted on 2009-04-02
Last Modified: 2012-05-06
I have Apache httpd server (version 2.2.3) running and our security team has asked that we lock it down to TRACE and TRACK vulnerabilities. I have read that I can use "TraceEnable off" to turn it off, but how do I test before and after to see that it really is an issue and that it is fixed after I make the change?
How do I test it and what should I see as the result?
Also, we redirect all http traffic to https, so is this still an issue?

Thanks in advance for your help.
Question by:nohurt
Accepted Solution

by:
ahoffmann earned 125 total points
ID: 24057840
> .. but how do i test
Simply use telnet as follows:

telnet your.server.tld 80
TRACE / HTTP/1.0


> .. what should i see
Something like the following:

HTTP/1.1 200 OK
Date: Fri, 03 Apr 2009 00:42:42 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0


> Also, we redirect all http traffic to https, so is this still an issue?
yes
but if you disable TRACE then it should be disabled for both protocols.
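
The telnet check from the answer above, scripted so it can be repeated before and after the change and against both the HTTP and HTTPS listeners. This is an added example, not part of the original thread; the function names, result labels, the Host header and the 405 sample reply are assumptions made for illustration.

```python
import socket
import ssl

# Reply of the kind shown in the answer above (TRACE enabled), and a constructed
# reply of the kind Apache sends once "TraceEnable off" is active.
SAMPLE_ENABLED = (b"HTTP/1.1 200 OK\r\nServer: Apache\r\nConnection: close\r\n"
                  b"Content-Type: message/http\r\n\r\nTRACE / HTTP/1.0\r\n\r\n")
SAMPLE_DISABLED = b"HTTP/1.1 405 Method Not Allowed\r\nConnection: close\r\n\r\n"

def classify_trace(raw: bytes) -> str:
    """Classify a raw HTTP reply to 'TRACE / HTTP/1.0' (CRLF or LF line ends)."""
    head, _, body = raw.replace(b"\r\n", b"\n").partition(b"\n\n")
    lines = head.decode("latin-1").split("\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "inconclusive"
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    ctype = headers.get("content-type", "").lower()
    # An enabled TRACE echoes the request back as a message/http body.
    if status == 200 and (ctype.startswith("message/http")
                          or body.lstrip().startswith(b"TRACE ")):
        return "enabled"
    # Apache answers 405 with "TraceEnable off"; 403 and 501 are also refusals.
    if status in (403, 405, 501):
        return "disabled"
    # A 3xx only shows that the redirect answered; probe the HTTPS listener too.
    if 300 <= status < 400:
        return "redirected"
    return "inconclusive"

def probe_trace(host: str, port: int = 80, tls: bool = False,
                timeout: float = 5.0) -> str:
    """Send the request from the telnet session above and classify the reply."""
    # Host header added (assumption) so name-based virtual hosts are selected.
    request = b"TRACE / HTTP/1.0\r\nHost: " + host.encode("ascii") + b"\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as plain:
        ctx = ssl.create_default_context()
        with (ctx.wrap_socket(plain, server_hostname=host) if tls else plain) as conn:
            conn.sendall(request)
            raw = b""
            while len(raw) < 65536:  # cap the read; a TRACE echo is small
                data = conn.recv(4096)
                if not data:
                    break
                raw += data
    return classify_trace(raw)
```

Call `probe_trace("your.server.tld", 80)` and `probe_trace("your.server.tld", 443, tls=True)` before and after setting `TraceEnable off`; the fix is confirmed when neither call returns "enabled".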