漏洞报告显示:
Medium (CVSS: 5.8)
NVT: HTTP Debugging Methods (TRACE/TRACK) Enabled
References
cve: CVE-2003-1567 cve: CVE-2004-2320 cve: CVE-2004-2763 cve: CVE-2005-3398 cve: CVE-2006-4683 cve: CVE-2007-3008 cve: CVE-2008-7253 cve: CVE-2009-2823 cve: CVE-2010-0386 cve: CVE-2012-2223 cve: CVE-2014-7883
bid: 9506
bid: 9561
bid: 11604
Summary
The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections.
Solution:
Solution type: Mitigation
Disable the TRACE and TRACK methods in your web server con guration. Please see the manual of your web server or the references for more information
漏洞解决:根据建议关闭‘TRACE and TRACK methods ’
处理方法:Apache版本大于2.2,在httpd.conf末尾添加:
TraceEnable off
1.查看Apache版本:httpd -v
2.在httpd.conf末尾添加TraceEnable off
3.验证
禁用Web服务器the TRACE and TRACK methods,修复80端口httpd漏洞:CVE-2003-1567
最新推荐文章于 2024-02-21 14:40:49 发布