Tweet

HTTP TRACE,TRACK Method Enabled

By Doing Simple Curl remote attackers can Identify Which server is running, In the below Example we can see the sample server is running on express js With HTTP Method Trace Enabled for More Information on HTTP Method Visit OWSAP HTTP

If the remote Web server supports the TRACE and/or TRACK HTTP methods, it make easier for remote attackers to steal cookies and authentication credentials or bypass the HttpOnly protection mechanism A TRACE returns the headers sent with the TRACE request to the client

curl -v -I  http://analytics-zariga.rhcloud.com 
The curl Output
* Rebuilt URL to: http://analytics-zariga.rhcloud.com/
*   Trying 52.90.151.114...
* Connected to analytics-zariga.rhcloud.com (52.90.151.114) port 80 (#0)
> HEAD / HTTP/1.1
> Host: analytics-zariga.rhcloud.com
> User-Agent: curl/7.43.0
> Accept: */*
> 
< HTTP/1.1 200 OK
< Date: Mon, 01 Feb 2016 17:59:56 GMT
< X-Powered-By: Express
< Content-Type: text/html
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Methods: GET,DELETE,POST,TRACE,OPTIONS,PUT,HEAD
< Access-Control-Allow-Headers: Content-Type
< Access-Control-Max-Age: 86400
< Content-Length: 75354
< Vary: Accept-Encoding