httpd-dev mailing list archives

From Noel Butler <noel.but...@ausics.net>
Subject Re: TRACE still enabled by default
Date Wed, 21 Mar 2012 13:41:10 GMT
On Wed, 2012-03-21 at 13:55 +0100, Reindl Harald wrote:

> 

Firstly, as stated previously, I agree TRACE should be disabled by
default because those that need it are probably at about 1 in 10000, and
I'd like to see a proper vote called on it :)  however...

> 
> fact is that nessus-scans usually complaining about TRACE on


Nessus, although I do like it, and as it is a respected industry
standard, has its fair share of false positives. For a simple example,
look at FTP: running a public FTP server, you get a severity "medium"
warning, I mean like.. WTF... if anything, it should be an "info",
which brings me to their LOW ratings: they need to introduce an INFO
level, because 95% of "low" are not issues at all.


