mirror of
https://github.com/projectdiscovery/nuclei-templates.git
synced 2026-02-02 16:53:25 +08:00
35 lines
1009 B
YAML
35 lines
1009 B
YAML
id: file-disable-http-trace-method
|
|
|
|
info:
|
|
name: Disable Apache2 HTTP TRACE Method
|
|
author: pussycat0x
|
|
severity: high
|
|
description: |
|
|
The HTTP TRACE method should be disabled to prevent Cross-Site Tracing (XST) attacks.
|
|
remediation: |
|
|
Add 'TraceEnable Off' in the Apache configuration file and restart the service.
|
|
reference:
|
|
- https://httpd.apache.org/docs/2.4/mod/core.html#traceenable
|
|
metadata:
|
|
verified: true
|
|
tags: audit,config,file,apache,hardening
|
|
|
|
file:
|
|
- extensions:
|
|
- conf
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "<Directory"
|
|
- "<FilesMatch"
|
|
condition: and
|
|
|
|
- type: word
|
|
words:
|
|
- "TraceEnable On"
|
|
- "<IfModule mod_core.c>"
|
|
condition: and
|
|
negative: true
|
|
# digest: 4a0a004730450221008c842e49c2a92d3ba5eea4686c3825c57fff34411e2aab1055eae3598efbac5e022027fbc59986fc1a022bcd7a05bca6ccef29c069315c23320aa9c52127eedfeff5:922c64590222798bb761d5b6d8e72950 |