http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
this white paper details how the HTTP TRACE request can be used for cross- site scripting vulnerability. it also says Apache can be made to disable TRACE only via mod_rewrite (Limit directive doesn't work). do you think this is serious? i can't think of a scenario using this vulnerability wherein an attacker can exploit my web server, unless if they can create scripts/pages on my server -dre _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] Fully Searchable Archives With Friendly Web Interface at http://marc.free.net.ph To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
