Apache TraceEnable on
Jim Tarvid
tarvid at ls.net
Wed Aug 4 13:34:01 UTC 2010
+ Allowed HTTP Methods: GET, HEAD, POST, OPTIONS, TRACE
+ OSVDB-877: HTTP TRACE method is active, suggesting the host is vulnerable
to XST
/etc/apache2/apache2.conf has
Include /etc/apache2/conf.d/ which has
security.dpkg-dist which has
TraceEnable Off
but TRACE is on
and why should OPTIONS be on too?
--
Rev. Jim Tarvid, PCA
Galax, Virginia
http://ls.net
http://drupal.ls.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20100804/87c86852/attachment.html>
More information about the ubuntu-server
mailing list