[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] cross site trace

From: Raymond Forbes <rforbes@xxxxxxxxxxxxxx>
Subject: [WEB SECURITY] cross site trace
Date: Fri, 18 Jul 2008 10:44:17 -0700

So, this vulnerability keeps coming up on scans and audits. Considering the number of clients that even support trace has dramatically shrunk this would seem to me to not be a serious issue anymore. Not that I am saying it isn't worth fixing but when prioritizing with other vulnerabilities this ends up on the low side.

Am I off base here?

-Raymond

----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

Follow-Ups:
- Re: [WEB SECURITY] cross site trace
  - From: Jeremiah Grossman
- RE: [WEB SECURITY] cross site trace
  - From: Brian Shura

Prev by Date: Re: [WEB SECURITY] ActivePerl
Next by Date: [WEB SECURITY] Web Application Security Professionals Survey (July 2008)
Previous by thread: [WEB SECURITY] Lateral SQL Injection Revisited - No Special Privs Required
Next by thread: Re: [WEB SECURITY] cross site trace
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site