× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. DOMINO400
  3. July 2013

[no subject]

We use QualysGuard to test our system for exploitations. I believe it's
an IBM owned company. It has this issue with our Domino (and/or Quickr)
served external websites. It this something to be concerned about? If so
what actions are recommended?




208.87.182.41 (xqp02.dekko.com, -)

OS/400 on AS/400
Vulnerabilities (4) Expand all vulnerabilities Collapse all
vulnerabilities

3
HTTP TRACE / TRACK Methods Enabled port 80/tcp


QID:
12680
Category:
CGI
CVE ID:
CVE-2004-2320 CVE-2010-0386 CVE-2003-1567
Vendor Reference
-
Bugtraq ID:
-
Service Modified:
06/05/2013
User Modified:
-
Edited:
No
PCI Vuln:
Yes

THREAT:
The remote Web server supports the TRACE and/or TRACK HTTP methods,
which makes it easier for remote attackers to steal cookies and
authentication credentials or bypass the HttpOnly protection mechanism.
IMPACT:
If this vulnerability is successfully exploited, attackers can
potentially steal cookies and authentication credentials, or bypass the
HttpOnly protection mechanism.
SOLUTION:
Disable these methods in your web server's configuration file.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:
There is no exploitability information for this vulnerability.
ASSOCIATED MALWARE:
There is no malware information for this vulnerability.
RESULTS:
TRACE method enabled on / directory



Rob Berendt

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.