Threat: "The remote Web server supports the TRACE and/or TRACK HTTP methods, which makes it easier for remote attackers to steal cookies and authentication credentials or bypass the HttpOnly protection mechanism.
TRACK / TRACE are required to be disabled for PCI compliance."
Impact: TRACE (and TRACK, its IIS equivalent) echoes the request back to the client, including the Cookie and Authorization headers. This is the cross-site tracing (XST) attack: if an attacker can get a script on the victim's browser to issue a TRACE request to the server, the response body hands back headers that script could not otherwise read, so session cookies and credentials can be stolen even when the cookie is marked HttpOnly. Modern browsers refuse to send TRACE and TRACK from fetch/XMLHttpRequest, which limits the practical exploit to other client-side vectors, but the finding still fails a PCI scan and there is no legitimate reason to leave the methods on.
Solution: Disable these methods in the web server's configuration.
Fix (Apache): echo TraceEnable off >>/etc/httpd/conf/httpd.conf
Appending works because Apache applies the last TraceEnable directive it reads, but check first that httpd.conf or a file it includes does not already set TraceEnable, so the setting is not left in two places. TraceEnable off is available from Apache 2.0.55 / 2.2 onwards and makes the server answer TRACE with 405 Method Not Allowed. Note that <Limit> and <LimitExcept> blocks do not restrict TRACE in Apache, so they are not a substitute for this directive.
Test the configuration (apachectl configtest) and restart the apache service, then verify from outside by sending a TRACE request and a TRACK request with a known cookie value: the fix is in place when neither response is a 200 that echoes the cookie back.
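The verification step above, as an added example that is not part of the original post: a small TRACE/TRACK probe that sends a marker cookie and reports whether the server echoes it back (the 200-plus-echo that the scanner flags) or rejects the method. Because a live server is not assumed, the script also constructs two stand-in servers on loopback, one that behaves like a server with TRACE enabled and one that behaves like Apache after TraceEnable off, so the probe can be exercised offline. The cookie value, handler names and port handling are assumptions made for the example.

```python
"""Added example (not from the original post): a TRACE/TRACK probe plus two
constructed loopback servers, one vulnerable and one fixed, to run it against."""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed marker value; stands in for a victim's HttpOnly session cookie.
SECRET_COOKIE = "session=secret123"


class TraceEnabledHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a server with TRACE left on: it echoes the
    request line and headers back in the body, which is exactly what
    cross-site tracing abuses to read a cookie that script cannot see."""

    def do_TRACE(self):
        body = (self.requestline + "\r\n" + str(self.headers)).encode("latin-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the example quiet


class TraceDisabledHandler(TraceEnabledHandler):
    """Constructed stand-in for the fixed server (what Apache does with
    TraceEnable off): TRACE gets 405 and nothing is echoed."""

    def do_TRACE(self):
        self.send_response(405)
        self.send_header("Allow", "GET, HEAD, POST")
        self.send_header("Content-Length", "0")
        self.end_headers()


def start_server(handler):
    """Bind a handler to a free loopback port and serve it in a daemon thread."""
    srv = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def probe(host, port, method="TRACE", path="/"):
    """Send one TRACE (or TRACK) request carrying the marker cookie and report
    whether the server echoed it. A 200 whose body contains the marker is the
    finding; 405 or 501 means the method is effectively disabled."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    conn.request(method, path, headers={"Cookie": SECRET_COOKIE, "X-Probe": "trace-check"})
    resp = conn.getresponse()
    body = resp.read().decode("latin-1", errors="replace")
    conn.close()
    echoed = SECRET_COOKIE in body
    return {
        "method": method,
        "status": resp.status,
        "echoed_request": echoed,
        "vulnerable": resp.status == 200 and echoed,
    }


def audit(host, port):
    """Probe both methods the scanner complains about and return the findings."""
    return [probe(host, port, m) for m in ("TRACE", "TRACK")]


if __name__ == "__main__":
    for label, handler in (("TRACE on", TraceEnabledHandler), ("TRACE off", TraceDisabledHandler)):
        srv = start_server(handler)
        for finding in audit("127.0.0.1", srv.server_port):
            print(label, finding)
        srv.shutdown()
        srv.server_close()
```

To check a real host, call audit() with its hostname and port instead of the loopback stand-ins; the stand-in TRACK path returns 501 because the constructed servers never implement it, while a real target may answer 405 or 501 depending on the product, and either is a pass.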