Hello, can anybody explain me how much security problem is, when I have TRACE enabled in Apache? I tried to disable it with mod_rewrite inside the .htaccess file, but it does not work ("Nikto" scanner says "it's still TRACE enabled). I have no access to Apache and can't compile Apache with TRACE disabled. Admin says: it is not dangerous, look at: http://www.ietf.org/rfc/rfc2616.txt But scanner "Nikto" talks about 4 years old security problem: http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf Should I worry about TRACE enabled? Thanks, Pavel --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org