HTTP.TRACE.TRACK.XST
Description
This indicates an attempt to carry out an XST (Cross-Site Tracing) attack using the HTTP TRACE or TRACK command.
The vulnerability results from the application sending back sensitive information in its response to an HTTP TRACE or TRACK request. As a result, a remote attacker can send a crafted query to gain sensitive information from a vulnerable server.
Affected Products
Servers with the HTTP TRACE or TRACK command enabled
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Disable the TRACK or TRACE command if it is not needed.
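To find servers where the recommendation still has to be applied, the following added example (not part of the original signature description) scans a web access log for TRACE and TRACK requests and reports which of them the server answered with a 2xx status. It assumes the common/combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re

# Common/combined log format: client, timestamp, "METHOD target HTTP/x.y", status
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})\b'
)
XST_METHODS = {"TRACE", "TRACK"}

# Constructed sample access-log lines (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:10:01:22 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [12/Mar/2024:10:02:05 +0000] "TRACE / HTTP/1.1" 200 312
198.51.100.7 - - [12/Mar/2024:10:02:06 +0000] "TRACK / HTTP/1.1" 501 0
203.0.113.44 - - [12/Mar/2024:10:05:40 +0000] "TRACE /app HTTP/1.1" 405 0
192.0.2.10 - - [12/Mar/2024:10:06:11 +0000] "POST /login HTTP/1.1" 302 0
"""

def find_xst_requests(log_text):
    """Return one finding per TRACE/TRACK request seen in the access log."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("method") not in XST_METHODS:
            continue
        status = int(m.group("status"))
        findings.append({
            "client": m.group("client"),
            "method": m.group("method"),
            "target": m.group("target"),
            "status": status,
            # A 2xx answer means the server honoured the method: it is still enabled.
            # 405/501 (or another non-2xx status) means the request was refused.
            "method_enabled": 200 <= status < 300,
        })
    return findings

def enabled_methods(findings):
    """Methods that were answered with 2xx at least once and so need disabling."""
    return sorted({f["method"] for f in findings if f["method_enabled"]})

if __name__ == "__main__":
    for f in find_xst_requests(SAMPLE_LOG):
        state = "ENABLED" if f["method_enabled"] else "refused"
        print(f'{f["client"]} {f["method"]} {f["target"]} -> {f["status"]} ({state})')
    print("Methods still enabled:", enabled_methods(find_xst_requests(SAMPLE_LOG)))
```
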
Coverage
IPS (Regular DB)
IPS (Extended DB)