n***@eriko.mobi
2007-10-01 16:34:30 UTC
Hi, all,
Plugin 11213 checks for HTTP TRACE on the remote webserver. If it is
found, and the server is Apache, it suggests using mod_rewrite to
block TRACE requests.
Newer versions of Apache (1.3.34+, 2.0.55+, and 2.2+) include a
TraceEnable directive to natively disable Trace:
http://www.apache.org/dist/httpd/CHANGES_2.0
http://www.apache.org/dist/httpd/CHANGES_1.3
The below patch modifies xst_http_trace.nasl to check for Apache
version numbers, and if a version known to include the TraceEnable
directive is found, it suggests using that rather than mod_rewrite.
If this isn't the appropriate list for this message, please let me
know.
Erik
--- xst_http_trace.nasl
@@ -71,6 +71,15 @@
+sol["apachetraceenable"] = "
+Solution :
+
+Add the following line for each virtual host in your configuration file :
+
+TraceEnable off
+
+";
+
sol["apache"] = "
Solution :
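Review bot: the new sol["apachetraceenable"] text names the directive but not the versions that support it. Because this message is selected purely from the Server banner, the text should say that TraceEnable requires Apache 1.3.34, 2.0.55, or 2.2 and later, so a reader whose banner is altered can tell whether the advice applies. The wording "for each virtual host" should also be checked against the TraceEnable documentation for the contexts in which the directive is allowed; if one server-level line is enough, say so.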
@@ -122,8 +131,14 @@
if ( egrep(pattern:"^Server:.*IIS", string:banner) ) report = sol["iis"];
-else if ( egrep(pattern:"^Server:.*Apache", string:banner) ) report = sol["apache"];
+else if ( egrep(pattern:"^Server:.*Apache", string:banner) ) {
+ if ( egrep(pattern:"^Server:.*Apache/1\.3\.(3[4-9]|[4-9][0-9])", string:banner) ) report = sol["apachetraceenable"];
+ else if ( egrep(pattern:"^Server:.*Apache/2\.0\.(5[5-9]|[6-9][0-9])", string:banner) ) report = sol["apachetraceenable"];
+ else if ( egrep(pattern:"^Server:.*Apache/2\.2", string:banner) ) report = sol["apachetraceenable"];
+ else report = sol["apache"];
+}
else if ( egrep(pattern:"^Server.*SunONE", string:banner) ) report = sol["SunONE"];
+
report = string (desc["english"], report);
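Review bot: the third pattern, "^Server:.*Apache/2\.2", matches only the 2.2 branch, so a banner from any later branch falls through to the final else and gets the mod_rewrite text, although the stated intent is 2.2+. Widen the pattern so later minor and major versions also select sol["apachetraceenable"]. All three inner branches assign the same value, so they could be a single egrep with an alternation. A banner with no version number lands on the mod_rewrite text, which is a reasonable default but deserves a comment. The added blank line before report = string (...) looks unintentional.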