http trace vulnerability?

Posted: Mon Oct 30, 2006 2:59 pm
by FNB
We're running Scalix 10 on RHEL 4. A recent security scan of the box showed that HTTP TRACE is enabled: http://xforce.iss.net/xforce/xfdb/11149

Are we going to cause any problems with Scalix by disabling it? If not, how do you recommend disabling it?

Posted: Mon Oct 30, 2006 9:28 pm
by ScalixSupport
According to the link you posted:

"As a workaround, disable HTTP TRACE support on your Web server. HTTP TRACE support can be disabled on Apache HTTP Server using the mod_rewrite module and on Microsoft Internet Information Services (IIS) using the URLScan tool."


The mod_rewrite module is installed and loaded by default on all my Apache servers with no ill effect.

Regards,
Don
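
The mod_rewrite workaround quoted in the reply above, written out as an Apache configuration fragment. This is an added example, not part of the original posts and not Scalix's own configuration; the virtual host and its ServerName are placeholders, and it assumes mod_rewrite is already loaded as described in the reply.

```apache
# Added example: refuse the TRACE method using mod_rewrite.
# Assumes mod_rewrite is loaded (a LoadModule rewrite_module line is active).

# Main server context (e.g. httpd.conf)
RewriteEngine On
# Match requests whose method is TRACE ...
RewriteCond %{REQUEST_METHOD} ^TRACE
# ... and answer them with 403 Forbidden, leaving the URL untouched.
RewriteRule .* - [F]

# Rewrite settings in the main server context are not inherited by
# virtual hosts by default. Each virtual host needs the engine switched
# on and either its own copy of the rule or "RewriteOptions inherit".
# The host name below is a placeholder.
<VirtualHost *:80>
    ServerName mail.example.com
    RewriteEngine On
    RewriteOptions inherit
</VirtualHost>
```

After reloading Apache, a TRACE request such as `curl -i -X TRACE http://mail.example.com/` (placeholder host) should come back as 403 Forbidden rather than echoing the request. Repeat the check against every virtual host and port the server listens on, since a host without the rule will still answer TRACE.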