TRACE disclosure attack may be possible
Unknown
Vulnerability Details
I have tried to check if Cross Site Tracing is possible, fired up my command line and curl -X TRACE www.relateIQ.com.
The response may not actually shows it is vulnerable, but it is not as well a message for properly configured " no " to Cross Site Tracing attack.
Kindly check it sir.
Thank you very much.
For more information: https://www.owasp.org/index.php/Cross_Site_Tracing
Clifford
Actions
View on HackerOneReport Stats
- Report ID: 4409
- State: Closed
- Substate: resolved
- Upvotes: 6