jordanwb Posted August 25, 2008 Share Posted August 25, 2008 HTTP TRACE method is enabled on this web server. In the presence of other cross-domain vulnerabilities in web browsers, sensitive header information could be read from any domains that support the HTTP TRACE method. This vulnerability affects Web Server. The impact of this vulnerability Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers such as cookies and authentication data. How to fix this vulnerability Disable TRACE Method on the web server. File inputs accepted By this form input is possible to upload a file to the server. This vulnerability affects /up.php. The impact of this vulnerability User may upload malicious files to server. How to fix this vulnerability Check if the script inputs are properly validated How do you figure all that stuff out? Link to comment Share on other sites More sharing options...
darkfreaks Posted August 25, 2008 Share Posted August 25, 2008 the scanner i use crawls the server? Link to comment Share on other sites More sharing options...
Recommended Posts