/vulndb/Debug Methods Enabled

The HTTP methods TRACK and TRACE are usually used for debugging purpose.

If the TRACE method is accepted by the web server an attacker may leverage this functionality with known XSS vulnerabilities to obtain sensitive information about the web server, including server cookies and authentication information.


Disable support for these methods in production environments.


http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol#Request_methods https://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_(OWASP-CM-008)