/vulndb/Debug Methods Enabled

The HTTP methods TRACK and TRACE are usually used for debugging purpose.

If the TRACE method is accepted by the web server an attacker may leverage this functionality with known XSS vulnerabilities to obtain sensitive information about the web server, including server cookies and authentication information.

Solution

Disable support for these methods in production environments.

References

http://en.wikipedia.org/wiki/Hypertext_Transfer_Protocol#Request_methods https://www.owasp.org/index.php/Testing_for_HTTP_Methods_and_XST_(OWASP-CM-008)