[Bug 301380] New: disable TRACE/TRACK by default
https://bugzilla.novell.com/show_bug.cgi?id=301380 Summary: disable TRACE/TRACK by default Product: openSUSE 10.3 Version: Beta 1 Platform: Other OS/Version: Other Status: NEW Severity: Enhancement Priority: P5 - None Component: Apache AssignedTo: bnc-team-apache@forge.provo.novell.com ReportedBy: dmueller@novell.com QAContact: qa@suse.de Found By: --- given the medium to high probability in being exploited for XSS attacks, I think our apache configuration should disable the TRACE command by default. aka TraceEnable Off -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=301380 Dirk Mueller <dmueller@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Found By|--- |Development -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=301380 Dirk Mueller <dmueller@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-apache@forge.provo.novell.com |bnc-team-java@forge.provo.novell.com Component|Apache |Java -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=301380 Dirk Mueller <dmueller@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|Java |Apache -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=301380 Dirk Mueller <dmueller@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-java@forge.provo.novell.com |bnc-team-apache@forge.provo.novell.com -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=301380 Sonja Krause-Harder <skh@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |skh@novell.com AssignedTo|bnc-team-apache@forge.provo.novell.com |skh@novell.com Status|NEW |ASSIGNED Priority|P5 - None |P3 - Medium -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=301380 User skh@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=301380#c1 Sonja Krause-Harder <skh@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|skh@novell.com |hvogel@novell.com --- Comment #1 from Sonja Krause-Harder <skh@novell.com> 2009-02-16 08:12:03 MST --- Reassigning to team lead for load balancing. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=301380 User aj@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=301380#c2 Andreas Jaeger <aj@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|hvogel@novell.com |nadvornik@novell.com --- Comment #2 from Andreas Jaeger <aj@novell.com> 2009-02-26 04:50:01 MST --- Let's do this - Vladimir, could you ask somebody to make the change, please? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=301380 User anicka@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=301380#c3 Anna Bernathova <anicka@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |RESOLVED CC| |anicka@novell.com Resolution| |FIXED --- Comment #3 from Anna Bernathova <anicka@novell.com> 2009-02-27 08:53:24 MST --- Fixed for factory. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=301380 User poeml@novell.com added comment https://bugzilla.novell.com/show_bug.cgi?id=301380#c4 Peter Poeml <poeml@novell.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |poeml@novell.com --- Comment #4 from Peter Poeml <poeml@novell.com> 2009-02-27 12:21:35 MST --- Upstream default is on. The switch was added mainly to stop wasting time with users. http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=104333761011676&w=2 If this is a real issue, it should be raised upstream. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com