Http TRACE XSS Attack Network Vulnerability

Summary

Debugging functions are enabled on the remote HTTP server. The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. It has been shown that servers supporting this method are subject to cross-site-scripting attacks, dubbed XST for Cross-Site-Tracing, when used in conjunction with various weaknesses in browsers. An attacker may use this flaw to trick your legitimate web users to give him their credentials.

Solution

Disable these methods.

References

http://www.kb.cert.org/vuls/id/867593

Updated on 2015-03-25

Severity

Classification

CVE CVE-2003-1567, CVE-2004-2320

CVSS	Base Score: 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N

Related Vulnerabilities

Apache Struts2 showcase namespace XSS Vulnerability
A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability
/doc directory browsable ?
Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities

http TRACE XSS attack

Take action and discover your vulnerabilities