
HTTP TRACE / TRACK Methods Allowed Vulnerability

HTTP TRACE / TRACK Methods Allowed is one of the vulnerabilities that haunt Apache servers.

To remove this vulnerability:

1. Modify httpd.conf and add the following lines at the end of the file.

#Added by Mithun Ashok to remove vulnerabilities
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

2. Restart Apache.

The following steps can be used for Oracle E-Biz Suite 11i, along with modifying httpd.conf.

In 11i, this vulnerability surfaces not only on the http port but also on the httpd_pls and oprocmgr ports. Follow the steps below to remove HTTP TRACE and TRACK for the httpd_pls and oprocmgr ports.


3. Modify httpd.conf.

First comment out the following line in httpd.conf,

AddModule mod_rewrite.c

and then add the same line,

AddModule mod_rewrite.c

before the line below,

include "$IAS_ORACLE_HOME/Apache/Apache/conf/oprocmgr.conf"


4. In oprocmgr.conf, change the following section from

     <Location /oprocmgr-service>
       SetHandler oprocmgr-service
     </Location>
     <Location /oprocmgr-status>
       SetHandler oprocmgr-status
     </Location>
   </VirtualHost>
</IfModule>
# End of oprocmgr directives.


to


     <Location /oprocmgr-service>
       SetHandler oprocmgr-service
     </Location>
     <Location /oprocmgr-status>
       SetHandler oprocmgr-status
     </Location>
     RewriteEngine on
     RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
     RewriteRule .* - [F]
   </VirtualHost>
</IfModule>
# End of oprocmgr directives.


5. Modify httpd_pls.conf and add the following lines at the end of the file.

#Added by Mithun Ashok to remove vulnerabilities
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]


6. In httpd_pls.conf, change the following section from

<VirtualHost _default_:*>
  <Location />
    Order deny,allow
    Deny from all
    Allow from localhost
  </Location>
</VirtualHost>


to

<VirtualHost _default_:*>
  <Location />
    Order deny,allow
    Deny from all
    Allow from localhost
  </Location>
  RewriteEngine on
  RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
  RewriteRule .* - [F]
</VirtualHost>


7. Restart Apache.
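
A check to run on the edited files before the restart, added here as an example and not part of the original post: mod_rewrite rules set at server level are not inherited by `<VirtualHost>` sections by default, which is why steps 4 and 6 repeat the rule inside each one. The script lists every context that still lacks the block. The sample text is constructed from the step 6 listing, the function names are hypothetical, and `RewriteOptions Inherit` and per-directory rules are not handled.

```python
import re

RULE = "RewriteEngine on\nRewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)\nRewriteRule .* - [F]\n"
# Constructed sample: httpd_pls.conf after step 5 only, then after step 6 as well.
BEFORE = """<VirtualHost _default_:*>
  <Location />
    Order deny,allow
    Deny from all
    Allow from localhost
  </Location>
</VirtualHost>
""" + RULE
AFTER = BEFORE.replace("</VirtualHost>", RULE + "</VirtualHost>")

def contexts(conf_text):
    """Directives per context: 'main' (server level) and each <VirtualHost>."""
    ctx, depth, out = "main", 0, {"main": []}
    for line in map(str.strip, conf_text.splitlines()):
        # Skip blanks and comments; <IfModule> is a transparent wrapper (oprocmgr.conf).
        if not line or line.startswith("#") or re.match(r"</?IfModule\b", line, re.I):
            continue
        vhost = re.match(r"<VirtualHost\s+([^>]+)>", line, re.I)
        if vhost:
            ctx = "vhost " + vhost.group(1).strip()
            out.setdefault(ctx, [])
        elif re.match(r"</VirtualHost>", line, re.I):
            ctx = "main"
        elif line.startswith("<"):
            depth += -1 if line.startswith("</") else 1  # <Location>, <Directory>, ...
        elif depth == 0:
            out[ctx].append(line)  # only directives directly in the server/vhost scope
    return out

def blocks_trace(directives):
    """True if the context has RewriteEngine on and a [F] rule for TRACE and TRACK."""
    if not any(re.fullmatch(r"RewriteEngine\s+on", d, re.I) for d in directives):
        return False
    for cond, rule in zip(directives, directives[1:]):
        c = re.match(r"RewriteCond\s+%\{REQUEST_METHOD\}\s+(\S+)", cond, re.I)
        r = re.match(r"RewriteRule\s+\S+\s+-\s+\[([^\]]*)\]", rule, re.I)
        if c and r and {f.strip().upper() for f in r.group(1).split(",")} & {"F", "FORBIDDEN"}:
            if all(re.search(c.group(1), m) for m in ("TRACE", "TRACK")):
                return True
    return False

def audit(conf_text):
    """Names of contexts with no TRACE/TRACK rewrite block."""
    return sorted(n for n, d in contexts(conf_text).items() if not blocks_trace(d))

if __name__ == "__main__":
    print("before step 6:", audit(BEFORE), "| after step 6:", audit(AFTER))
```

Run `audit()` over the contents of httpd.conf, httpd_pls.conf and oprocmgr.conf; an empty list means every server-level and virtual-host context carries the rule.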
