<plugin_id>160</plugin_id>
<plugin_name>HTTP TRACE method support detection</plugin_name>
<plugin_family>HTTP</plugin_family>
<plugin_created_date>2004/09/07</plugin_created_date>
<plugin_created_name>Marc Ruef</plugin_created_name>
<plugin_created_email>marc dot ruef at computec dot ch</plugin_created_email>
<plugin_created_web>http://www.computec.ch</plugin_created_web>
<plugin_created_company>computec.ch</plugin_created_company>
<plugin_updated_name>Marc Ruef</plugin_updated_name>
<plugin_updated_email>marc dot ruef at computec dot ch</plugin_updated_email>
<plugin_updated_web>http://www.computec.ch</plugin_updated_web>
<plugin_updated_company>computec.ch</plugin_updated_company>
<plugin_updated_date>2004/11/14</plugin_updated_date>
<plugin_version>2.0</plugin_version>
<plugin_changelog>Corrected the plugin structure and added the accuracy values in 1.1. Improved the pattern matching and introduced the plugin changelog in 2.0</plugin_changelog>
<plugin_protocol>tcp</plugin_protocol>
<plugin_port>80</plugin_port>
<plugin_procedure_detection>open|send OPTIONS * HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### *Allow:*TRACE*</plugin_procedure_detection>
<plugin_procedure_exploit>open|send TRACE /ATK.test HTTP/1.0\n\n|sleep|close|pattern_exists HTTP/#.# ### *TRACE /ATK.test HTTP/1.0*</plugin_procedure_exploit>
<plugin_detection_accuracy>97</plugin_detection_accuracy>
<plugin_exploit_accuracy>99</plugin_exploit_accuracy>
<plugin_comment>This plugin was written with the ATK Attack Editor.</plugin_comment>
<bug_affected>Nearly every http web server</bug_affected>
<bug_not_affected>Specialized and hardened web servers</bug_not_affected>
<bug_vulnerability_class>Configuration</bug_vulnerability_class>
<bug_description>In the World Wide Web (WWW) the Hyper Text Transport Protocol (HTTP) is used to transfer the main data. It is client/server based and HTTP requests are used to get the requested data. There is a method named TRACE which is used to invoke a remote, application-layer loop- back of the request message.</bug_description>
<bug_solution>A service if not needed should be de-installed or disabled. If this is not possible, an access control list (ACL) with firewalling should be applied to this port. Do not allow not needed methods as like DELETE, TRACE or TRACK.</bug_solution>
<bug_fixing_time>Approx. 1 hour</bug_fixing_time>
<bug_exploit_availability>Yes</bug_exploit_availability>
<bug_remote>Yes</bug_remote>
<bug_local>Yes</bug_local>
<bug_severity>Low</bug_severity>
<bug_popularity>4</bug_popularity>
<bug_simplicity>8</bug_simplicity>
<bug_impact>3</bug_impact>
<bug_risk>5</bug_risk>
<source_literature>Hacking Exposed: Network Security Secrets & Solutions, Stuart McClure, Joel Scambray and George Kurtz, February 25, 2003, 4th Edition, McGraw-Hill Osborne Media, ISBN 0072227427</source_literature>
<source_misc>http://www.cse.ohio-state.edu/cgi-bin/rfc/rfc2616.html</source_misc>