Provided by Aanval (Snort & Syslog Intrusion Detection and Correlation Engine) www.aanval.com
--
| GEN:SID | 1:2056 |
| Message | WEB-MISC TRACE attempt |
| Summary | This event is generated when an attempt is made to exploit a known vulnerability in a web server using the TRACE command. |
| Impact | Possible disclosure of information. |
| Detailed Information | The TRACE method is used when debugging a webserver to ensure that server returns information to the client correctly. When used with other vulnerabilities it is possible to use the TRACE method to return sensitive information from a webserver such as authentication data and cookies. This is known as a Cross Site Tracing (XST) attack. |
| Affected Systems | All platforms running a webserver that responds to the TRACE method. |
| Attack Scenarios | The attacker needs to perform a TRACE request to a vulnerable server. |
| Ease of Attack | Simple |
| Corrective Action | Disable the webserver from responding to TRACE requests. |
| Additional References | CERT: http://www.kb.cert.org/vuls/id/867593 Nessus: http://cgi.nessus.org/plugins/dump.php3?id=11213 RFC: http://www.ietf.org/rfc/rfc2616.txt |
| Rule References | bugtraq: 9561 nessus: 11213 url: www.whitehatsec.com/press_releases/WH-PR-20030120.pdf |
--
DID:583030
--
http://www.aanval.com/