Intrusion Prevention

HTTP.TRACE.TRACK.XST

Description

This indicates an attempt to exploit a XST (Cross Site Trace) attack through HTTP Command TRACE or TRACK.
The vulnerability is a result of the application sending back sensitive information with HTTP TRACE request or HTTP TRACK request. As a result, a remote attacker can send a crafted query to gain sensitive information from a vulnerable server.

Affected Products

Server with TRACE or TRACK HTTP Command enabled

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Disable TRACK or TRACE command if not needed.

Coverage

IPS (Regular DB)
IPS (Extended DB)

ID	42531
Created	Jun 14, 2016
Updated	Apr 25, 2017
Risk
CVE ID	CVE-2010-0386 CVE-2004-2320 CVE-2003-1567
Exploit Prediction Score	4.23%
Default Action	drop
Active
Affected OS	All
Affected App	Other

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Intrusion Prevention

HTTP.TRACE.TRACK.XST

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

Intrusion Prevention

HTTP.TRACE.TRACK.XST

Description

Affected Products

Impact

Recommended Actions

Telemetry

Coverage

Threat Intelligence
Center