On Wed, 2012-03-21 at 13:55 +0100, Reindl Harald wrote:

Firstly, as stated previously, I agree TRACE should be disabled by default because those that need it are probably at about 1 in 10000, and I'd like to see a proper vote called on it :) however...

> fact is that nessus-scans usually complaining about TRACE on

Nessus, although I do like it, and as it is a respected industry standard, has its fair share of false positives. For a simple example, look at FTP: running a public FTP server you get a severity "medium" warning, I mean like.. WTF... if anything, it should be an "info", which brings me to their LOW ratings: they need to introduce an INFO level, because 95% of "low" are not issues at all.
