Hosting Provided By

Re: TRACE used to increase the dangerous of XSS.

From: Jeremiah Grossman <jeremiah(at)whitehatsec.com>
Date: Wed Jan 22 2003 - 21:41:18 EST

On Wed, 2003-01-22 at 18:28, Doug Monroe wrote:
> Jeremiah Grossman wrote:

Cool, that should lock down strange HTTP request methods nicely. We tried something similar on ISS/Exchange and it turned off some functionality.

Careful using this type of method if your using Application Servers which depend on request method other than GET or POST. Received on Wed Jan 22 23:15:54 2003

This message: [ Message body ]
Next message: Tim Greer: "Re: New Web Vulnerability - Cross-Site Tracing"
In reply to Doug Monroe: "Re: TRACE used to increase the dangerous of XSS."
Next in thread: Sverre H. Huseby: "Re: TRACE used to increase the dangerous of XSS."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:47 EDT