Slashdot Mirror


Cross-Site-TRACE

quackking writes "Uh-oh! Looks bad for RFC 2068! Kudos to WhiteHat out of Santa Clara, CA for this one. ALL current web servers comply with this RFC, which means they ALL are vulnerable to this newly named attack - XST - cross-site-trace. When misused, TRACE, part of the HTTP protocol, allows an unauthorized script to be passed to a Web server for execution even if the server is secured against running such scripts. Even devices like web-managed routers are open to this."

2 of 299 comments

  1. Re:Well..... by doubleyewdee · Score: 1, Redundant

    Well. That was kind of silly. I see you borrowed the text from this posting on bugtraq to whore a little karma. That's fine, but shouldn't you have been logged in?

    --
    you can take the road that takes you to the stars...
  2. Re:Scary thing by PetWolverine · Score: 0, Redundant

    Why do people make posts like this? Mod this guy down!

    --
    I found the meaning of life the other day, but I had write-only access.