Mailinglist Archive: opensuse-security (33 mails)
| < Previous | Next > |
[opensuse-security] TRACE enabled, Apache
- From: Pavel Chalupa <pavel@xxxxxxxxxx>
- Date: Fri, 16 Feb 2007 06:32:46 +0100
- Message-id: <200702160632.47884.pavel@xxxxxxxxxx>
Hello,
can anybody explain me how much security problem is, when I have TRACE enabled
in Apache? I tried to disable it with mod_rewrite inside the .htaccess file,
but it does not work ("Nikto" scanner says "it's still TRACE enabled). I have
no access to Apache and can't compile Apache with TRACE disabled.
Admin says: it is not dangerous, look at:
http://www.ietf.org/rfc/rfc2616.txt
But scanner "Nikto" talks about 4 years old security problem:
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf
Should I worry about TRACE enabled?
Thanks, Pavel
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx
can anybody explain me how much security problem is, when I have TRACE enabled
in Apache? I tried to disable it with mod_rewrite inside the .htaccess file,
but it does not work ("Nikto" scanner says "it's still TRACE enabled). I have
no access to Apache and can't compile Apache with TRACE disabled.
Admin says: it is not dangerous, look at:
http://www.ietf.org/rfc/rfc2616.txt
But scanner "Nikto" talks about 4 years old security problem:
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf
Should I worry about TRACE enabled?
Thanks, Pavel
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx
| < Previous | Next > |