httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joshua Slive <jos...@slive.ca>
Subject Re: [users@httpd] Apache Security
Date Wed, 04 Jun 2003 13:57:39 GMT

On Wed, 4 Jun 2003 BurcinO@koc.net wrote:

> Hello,
>
> I want to ask something about Apache security,
>
> When we scan apache webservers with ISS, we found Http_Trace Vulnerability. Details was
given in  http://www.kb.cert.org/vuls/id/867593  address,
> When I apply that solution for this vulnerability, it worked for 2 systems. But it didn't
work other servers with the same configuration.
>
> Any suggestion regarding with this problem ?

This is not a real vulnerability.  Read the extended bugtraq discussion on
HTTP TRACE from a while back for the details.  So I would just ignore it.

If you really want to restrict TRACE, then you'll need to give us more
details on exactly what you tried and how you know it isn't working.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message