Description

HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method.

Remediation

Disable TRACE Method on the web server.

References

W3C - RFC 2616

US-CERT VU#867593

Cross-site tracing (XST)

Related Vulnerabilities

Phpfastcache phpinfo publicly accessible (CVE-2021-37704)

Node.js Running in Development Mode

WordPress Plugin JM Twitter Cards Information Disclosure (6.1)

Unrestricted access to Prometheus Metrics

WordPress Plugin U Extended Comment 'fileurl' Parameter Arbitrary File Download (1.0.1)

Severity

Low

Classification

CWE-489 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure