Re: http trace option
From: Jeremia d. (jdb_at_penguin-security.com-NOSPAM)
Date: 05/09/03
- Next message: Tom: "Keon ?"
- Previous message: Security Alert: "SSRT3531 Potential Security Vulnerability in sendmail (rev.4)"
- In reply to: mike: "http trace option"
- Next in thread: mike: "Re: http trace option"
- Reply: mike: "Re: http trace option"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 09 May 2003 15:11:12 -0400
On Fri, 09 May 2003 04:41:48 -0700, mike wrote:
> hi
>
> we are running iplanet 6.0 sp4 on solaris and would like to turn off
> HTTP trace option according to the security bulletin from SUN
>
> http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50603
>
> however after following the instructions and using an update scanner
> to scan for HTTP trace, the scanner still detects that HTTP trace is
> enabled.
> Are there any steps we missed?? or is it a probable false positive ??
>
> thanks
Did you add
<Client method="TRACE">
AuthTrans fn="set-variable"
remove-headers="transfer-encoding"
set-headers="content-length: -1"
error="501"
</Client>
to obj.conf?
- Next message: Tom: "Keon ?"
- Previous message: Security Alert: "SSRT3531 Potential Security Vulnerability in sendmail (rev.4)"
- In reply to: mike: "http trace option"
- Next in thread: mike: "Re: http trace option"
- Reply: mike: "Re: http trace option"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
