2025-03-12 00:17:19 +05:30
|
|
|
id: file-disable-http-trace-method
|
2025-02-21 00:28:06 +05:30
|
|
|
|
|
|
|
|
info:
|
2025-03-12 00:17:19 +05:30
|
|
|
name: Disable Apache2 HTTP TRACE Method
|
2025-02-21 00:28:06 +05:30
|
|
|
author: pussycat0x
|
|
|
|
|
severity: high
|
|
|
|
|
description: |
|
|
|
|
|
The HTTP TRACE method should be disabled to prevent Cross-Site Tracing (XST) attacks.
|
|
|
|
|
remediation: |
|
|
|
|
|
Add 'TraceEnable Off' in the Apache configuration file and restart the service.
|
|
|
|
|
reference:
|
|
|
|
|
- https://httpd.apache.org/docs/2.4/mod/core.html#traceenable
|
|
|
|
|
metadata:
|
|
|
|
|
verified: true
|
2025-04-09 16:01:27 +05:30
|
|
|
tags: audit,config,file,apache,hardening
|
2025-02-21 00:28:06 +05:30
|
|
|
|
|
|
|
|
file:
|
|
|
|
|
- extensions:
|
|
|
|
|
- conf
|
|
|
|
|
|
|
|
|
|
matchers-condition: and
|
|
|
|
|
matchers:
|
2025-02-25 01:05:50 +05:30
|
|
|
- type: word
|
|
|
|
|
words:
|
2025-03-12 00:17:19 +05:30
|
|
|
- "<Directory"
|
|
|
|
|
- "<FilesMatch"
|
2025-02-26 00:34:45 +05:30
|
|
|
condition: and
|
2025-02-25 01:05:50 +05:30
|
|
|
|
2025-02-21 00:28:06 +05:30
|
|
|
- type: word
|
|
|
|
|
words:
|
|
|
|
|
- "TraceEnable On"
|
2025-02-25 01:05:50 +05:30
|
|
|
- "<IfModule mod_core.c>"
|
2025-02-26 00:34:45 +05:30
|
|
|
condition: and
|
2025-04-09 11:57:32 +00:00
|
|
|
negative: true
|
|
|
|
|
# digest: 4a0a004730450221008c842e49c2a92d3ba5eea4686c3825c57fff34411e2aab1055eae3598efbac5e022027fbc59986fc1a022bcd7a05bca6ccef29c069315c23320aa9c52127eedfeff5:922c64590222798bb761d5b6d8e72950
|
