"RFC 2068 [...] ALL current web servers comply with this RFC, which
means they ALL are vulnerable to this newly named attack - XST -
cross-site-trace. When misused, TRACE, part of the HTTP protocol, allows
an unauthorized script to be passed to a Web server for execution even
if the server is secured against running such scripts. Even devices like
web-managed routers are open to this."
http://www.extremetech.com/article2/0%2C3973%2C841144%2C00.asp
--
Rev. Nando Santagata: Telemastica & infornatica
Key fingerprint = 1054 9311 458D 4BAA E97B F447 7CD4 54B5 0208 F815
finger nandos (at) mail (dot) ipers (dot) net for my public key
NANDO: Networked Artificial Neohuman Designed for Observation
|