Guest

Preview Tool

Cisco Bug: CSCte26363 - CVE-2004-2320 Disable HTTP TRACE method option

Last Modified

Aug 06, 2018

Products (1)

  • Cisco ACE Application Control Engine Module

Known Affected Releases

3.0(0)A2(1.6a)

Description (partial)

Symptom:
 
Apache Server implementation in ACE allow HTTP TRACE method. Per CVE-2004-2320 and VU#867593, this can
help attackers to steal information using cross-site tracing (XST) attacks in applications that are 
vulnerable to cross-site scripting or to  access sensitive information, such as cookies or authentication
data,  contained in the HTTP headers of the requests.
 
Conditions:

No special condition is required.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.