httpd-users mailing list archives

From "Mauricio Cavalcanti" <>
Subject [users@httpd] TRACE/TRACK problem
Date Thu, 05 Aug 2004 13:08:50 GMT
I ran Nessus and it found a vulnerability called "http TRACE XSS attack" in 
https (443/tcp).

Nessus's solution is "Disable this methods", and to do it, Nessus says:

"If you are using Apache, add the following lines for each virtual
host in your configuration file :

    RewriteEngine on
    RewriteRule .* - [F]"

and see:

I have read many discussions about this "vulnerability".

I have changed my httpd.conf and run Nessus again. The "vulnerability" 
is still there.

I have sent an e-mail to the Nessus group and I received this:

"Apache has changed options multiple times over time to handle the
TRACE request, which is why I suggested you consult an Apache group to
know what to do and see what works the best with your version of Apache."

That's what I'm trying now.

I'm running Apache 1.3.29 on Solaris 8.

Can anyone help me?

Thanks in advance,

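One way to check which server contexts actually carry a TRACE/TRACK rewrite guard, since mod_rewrite settings in the main server are not inherited by virtual hosts by default, which is why the quoted advice says "for each virtual host". This is an added example, not part of the original message: the sample configuration, the `RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)` line and the function names are assumptions made for illustration.

```python
import re

# Constructed httpd.conf excerpt (not from the original message): the guard
# is set for the main server and the port-80 vhost, but not the SSL vhost.
SAMPLE_CONF = """\
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

<VirtualHost _default_:443>
    SSLEngine on
</VirtualHost>
<VirtualHost 192.0.2.10:80>
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
</VirtualHost>
"""

ENGINE = re.compile(r"RewriteEngine\s+on\b", re.I)
COND = re.compile(r"RewriteCond\s+%\{REQUEST_METHOD\}\s+\S*TRACE", re.I)
RULE = re.compile(r"RewriteRule\s+\S+\s+-\s+\[[^\]]*\bF\b", re.I)

def has_guard(lines):
    """True if the context turns the engine on and has a TRACE condition
    directly followed by a RewriteRule carrying the F (forbidden) flag."""
    engine_on = any(ENGINE.match(l) for l in lines)
    guarded = any(COND.match(a) and RULE.match(b) for a, b in zip(lines, lines[1:]))
    return engine_on and guarded

def unguarded_contexts(conf_text):
    """List the contexts (main server, each <VirtualHost>) without the guard.
    Simplification: 'RewriteOptions inherit' and Include files are ignored."""
    contexts = {"main server": []}
    current = "main server"
    for raw in conf_text.splitlines():
        line = raw.strip()
        opened = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if opened:
            current = "VirtualHost " + opened.group(1).strip()
            contexts[current] = []
        elif line.lower().startswith("</virtualhost"):
            current = "main server"
        elif line and not line.startswith("#"):
            contexts[current].append(line)
    return [name for name, lines in contexts.items() if not has_guard(lines)]

if __name__ == "__main__":
    print("no TRACE/TRACK guard in:", unguarded_contexts(SAMPLE_CONF))
```

On the sample, only the port-443 virtual host is reported, matching the port on which the scanner raised the finding.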