Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cross-Site-TRACE

Posted by michael on from the uh-oh dept.

quackking writes "Uh-oh! Looks bad for RFC 2068! Kudos to WhiteHat out of Santa Clara, CA for this one. ALL current web servers comply with this RFC, which means they ALL are vulnerable to this newly named attack - XST - cross-site-trace. When misused, TRACE, part of the HTTP protocol, allows an unauthorized script to be passed to a Web server for execution even if the server is secured against running such scripts. Even devices like web-managed routers are open to this."

1 of 299 comments (clear)

  1. BoingBoing is amazing by TerryAtWork · · Score: 5, Interesting

    When this was a physical magazine, it was one of the most fun, intelligent and readable cyber magazines ever. I bought my copies at the short lived Binary Cafe in Toronto (three computers on dialup to the net...) - and now I can't find them.

    Kind of like Mondo 2000, Wired and National Lampoon (jeez - anyone here remember when those were good?) all rolled into one. Now it's a web site and a HECK of a mail list.

    Highly recommended and I'm looking forward to DLing the book. (As soon as the /. effect ends.)

    --
    It's Christmas everyday with BitTorrent.