[Host Vulnerability] HTTP TRACE / TRACK Methods Allowed

References

https://www.beyondsecurity.com/scan_pentest_network_vulnerabilities_http_trace_method_xss_vulnerability
https://www.tenable.com/plugins/nessus/11213
http://www.alphadevx.com/a/383-Disabling-the-TRACE-method-in-Apache2
https://community.pivotal.io/s/article/How-to-disable-HTTP-TRACE-for-Apache-httpd-Pivotal-Web-Server-and-How-to-test-HTTP-TRACE

Impact

TRACE and TRACK are HTTP methods that are used to debug web server connections. Servers supporting these methods are subject to cross-site scripting (XSS) attacks when the methods are used in conjunction with various weaknesses in browsers.