Skip to content

HTTP TRACE TRACK Methods Allowed

Jump to bottom
Fabien edited this page May 22, 2024 · 1 revision

Overview

HTTP TRACE and TRACK methods are used primarily for debugging and diagnostic purposes. However, their presence can be a security risk as they can be exploited for cross-site scripting (XSS) and other attacks. These methods can echo back user inputs, including sensitive information such as cookies and authentication tokens.

  • Severity: Medium

Impact

  • Cross-Site Scripting (XSS): Attackers can exploit the TRACE method to inject malicious scripts, leading to XSS attacks.
  • Information Disclosure: Sensitive information like cookies and authentication headers can be disclosed via TRACE or TRACK methods.
  • Reconnaissance: Attackers can use these methods to gather information about the server and its configuration.

Cause

  • Debugging Purposes: TRACE and TRACK methods are enabled for debugging and diagnostics.
  • Default Configuration: Some web servers enable these methods by default.
  • Misconfiguration: Lack of proper security configurations can leave these methods enabled.

Solution

  1. Apache:

    • Add the following directive to the Apache configuration file (e.g., httpd.conf or a site-specific config file).

      TraceEnable off

    • Restart Apache to apply changes.

      sudo systemctl restart apache2

  2. Nginx:

    • Add a custom rule in the server block to deny TRACE and TRACK requests.

      if ($request_method ~* ^(TRACE|TRACK)$) {
    return 405;
}

    • Reload Nginx to apply changes.

      sudo systemctl reload nginx

  3. IIS:

    • Use URLScan or Request Filtering to block TRACE and TRACK methods.

      <requestFiltering>
    <verbs>
        <add verb="TRACE" allowed="false" />
        <add verb="TRACK" allowed="false" />
    </verbs>
</requestFiltering>

    • Restart IIS to apply changes.

      iisreset

Examples

Blocking TRACE and TRACK in Apache

  1. Edit Apache Configuration:

    sudo nano /etc/apache2/conf-available/security.conf
# Add the following line:
TraceEnable off

  2. Restart Apache:

    sudo systemctl restart apache2

Blocking TRACE and TRACK in Nginx

  1. Edit Nginx Configuration:

    sudo nano /etc/nginx/nginx.conf
# Add the following lines in the server block:
if ($request_method ~* ^(TRACE|TRACK)$) {
    return 405;
}

  2. Reload Nginx:

    sudo systemctl reload nginx

References

Additional Resources

Navigation

  • Home - Return to this main page.
  • Explore detailed vulnerability categories and entries via the sidebar.

Microsoft Related Vulnerabilities

SSL/TLS Related

OpenSSL Related Vulnerabilities

Apache Related Vulnerabilities

Java/Oracle Related Vulnerabilities

Miscellaneous Vulnerabilities

Miscellaneous

  • Template -> Use this template for new vulnerabilities
Clone this wiki locally