TRACE used to increase the dangerous of XSS.
From: Jeremiah Grossman (jeremiah@whitehatsec.com)
Date: 01/22/03
- Previous message: MGhz: "Zorum Portal (PHP)"
- Next in thread: Thor Larholm: "RE: TRACE used to increase the dangerous of XSS."
- Maybe reply: Thor Larholm: "RE: TRACE used to increase the dangerous of XSS."
- Reply: Doug Monroe: "Re: TRACE used to increase the dangerous of XSS."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Jeremiah Grossman <jeremiah@whitehatsec.com> To: bugtraq@securityfocus.com, webappsec@securityfocus.com, "vulnwatch@vulnwatch.org" <vulnwatch@vulnwatch.org> Date: 22 Jan 2003 12:32:58 -0800
WhiteHat Security has released a new white paper discussing a new class
of web-app-sec attack (XST) which potentially affects all web servers
supporting TRACE.
The white paper explains all the detailed technical results we have
found so far. We are fairly certain this particular issue will spark
much debate and encourage those interested to read and comment.
White Paper Mirrors:
http://www.betanews.com/whitehat/WH-WhitePaper_XST_ebook.pdf
http://www.cgisecurity.com/whitehat-mirror/WhitePaper_screen.pdf
http://www.boarder.org/WH-WhitePaper_XST_ebook.pdf
http://www.forumgalaxy.com/whmirror/WhitePaper_screen.pdf
Press Release
http://www.whitehatsec.com/press_releases/WH-PR-20030120.txt
- Next message: OpenPKG: "[OpenPKG-SA-2003.004] OpenPKG Security Advisory (cvs)"
- Previous message: MGhz: "Zorum Portal (PHP)"
- Next in thread: Thor Larholm: "RE: TRACE used to increase the dangerous of XSS."
- Maybe reply: Thor Larholm: "RE: TRACE used to increase the dangerous of XSS."
- Reply: Doug Monroe: "Re: TRACE used to increase the dangerous of XSS."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
