[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [WEB SECURITY] cross site trace

From: Amit Klein <aksecurity@xxxxxxxxx>
Subject: Re: [WEB SECURITY] cross site trace
Date: Mon, 21 Jul 2008 06:52:59 +0200

Brian Shura wrote:

Raymond,
IE 6 is the only major browser that still supports TRACE, so I would agree
that this is a low risk vulnerability.

Ummm- why? IE6's market share is somewhere between over 1/3 of the market (http://www.thecounter.com/stats/2008/July/browser.php) to over 1/4 of the market (http://marketshare.hitslink.com/report.aspx?qprid=2).

The fact that it's a single browser doesn't mean it's not (still) very popular...

Thanks,
-Amit


----------------------------------------------------------------------------
Join us on IRC: irc.freenode.net #webappsec

Have a question? Search The Web Security Mailing List Archives: http://www.webappsec.org/lists/websecurity/archive/

Subscribe via RSS: http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Join WASC on LinkedIn
http://www.linkedin.com/e/gis/83336/4B20E4374DBA

References:
- [WEB SECURITY] cross site trace
  - From: Raymond Forbes
- RE: [WEB SECURITY] cross site trace
  - From: Brian Shura

Prev by Date: RE: [WEB SECURITY] cross site trace
Next by Date: Re: [WEB SECURITY] cross site trace
Previous by thread: RE: [WEB SECURITY] cross site trace
Next by thread: Re: [WEB SECURITY] cross site trace
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site