Preview Tool

Cisco Bug: CSCte26363 - CVE-2004-2320 Disable HTTP TRACE method option

Last Modified

Feb 04, 2017

Products (1)

  • Cisco ACE Application Control Engine Module

Known Affected Releases


Description (partial)

Apache Server implementation in ACE allow HTTP TRACE method. Per CVE-2004-2320 and VU#867593, this can
help attackers to steal information using cross-site tracing (XST) attacks in applications that are 
vulnerable to cross-site scripting or to  access sensitive information, such as cookies or authentication
data,  contained in the HTTP headers of the requests.

No special condition is required.
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.