Network Security: Detailed info on Re: http TRACE option

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Pen-Test

[Top] [All Lists]

Re: http TRACE option

from [Florencio Cano] Network Security

[Permanent Link]

Subject:	Re: http TRACE option
Date:	Tue, 22 Jan 2008 13:51:58 +0100

what is the issue if TRACE option is enabled in web servers ?


Here you have info about it:

"XST Strikes Back", Amit Klein, BugTraq posting, January
25th, 2006
http://www.securityfocus.com/archive/1/423028

"Cross Site Tracing", Jeremiah Grossman, WhiteHat Security
whitepaper, January 20th, 2003
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
http TRACE option, pentestr Re: http TRACE option, jeffrey rivero Re: http TRACE option, Tim Re: http TRACE option, Florencio Cano <= Re: http TRACE option, Campbell Murray Re: http TRACE option, Chris McNab Re: http TRACE option, Gleb Paharenko RE: http TRACE option, Maxime Ducharme Re: http TRACE option, "JosÂÃ M. PalazÃn Romero" Re: http TRACE option, rajat swarup RE: http TRACE option, benoni.martin Re: http TRACE option, Bipin Upadhyay Re: http TRACE option, Trancer Re: http TRACE option, Alexander Bondarenko

Previous by Date:	Re: Oracle URL SQL Injection issue, jeffrey rivero
Next by Date:	RE: Thoughts of the paranoid on the call centre security., Sean Jackson
Previous by Thread:	Re: http TRACE option, Tim
Next by Thread:	Re: http TRACE option, Campbell Murray
Indexes:	[Date] [Thread] [Top] [All Lists]