Re: [mod-security-users] TRACK|TRACE Problem/Question
From: Ofer S. <OferS@Breach.com> - 2007-08-13 23:12:16
The directives that you use are not ModSecurity directives. If you want to block TRACK and TRACE, you can use the Core Rule Set available with ModSecurity 2.x. It will probably block a handful of other Nessus attack vectors.

~ Ofer

From: mod...@li... [mailto:mod...@li...] On Behalf Of Christopher J Bidwell
Sent: Tuesday, August 14, 2007 2:06 AM
To: mod...@li...
Subject: [mod-security-users] TRACK|TRACE Problem/Question

Hi all, I'm new to this list so please bear with me on any questions which may be redundant to any previously asked questions.

I have two questions:

1. Is there a way that I can get modsecurity2 to work with apache1?

2. I'm currently using modsecurity1.9 with apache1 and would like to know the syntax to block this (which is a result of a nessus scan).

I've added the sequence:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

And get no change in the result of a vulnerability scan. Any help would be greatly appreciated.

HTTP TRACE Method Enabled

Synopsis :
Debugging functions are enabled on the remote HTTP server.

Description :
The remote webserver supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections.
It has been shown that servers supporting this method are subject to cross-site-scripting attacks, dubbed XST for "Cross-Site-Tracing", when used in conjunction with various weaknesses in browsers.
An attacker may use this flaw to trick your legitimate web users to give him their credentials.

Solution :
Disable these methods.

See also :
http://www.kb.cert.org/vuls/id/867593

Risk factor :
Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

Solution :
Add the following lines for each virtual host in your configuration file :

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Plugin output :
The server response from a TRACE request is :

TRACE /Nessus19976.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Charset: iso-8859-1,*,utf-8
Accept-Language: en
Connection: Keep-Alive
Host: #########.###.###.###
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

CVE : CVE-2004-2320, CVE-2004-2320, CVE-2004-2320
BID : 9506, 9561, 11604, 9506, 9561, 11604, 9506, 9561, 11604
Nessus ID : 11213

----------------
Thanks,
Chris
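The thread asks for the syntax that actually refuses TRACE/TRACK, and Ofer's point is that RewriteCond/RewriteRule belong to mod_rewrite, not ModSecurity. The configuration below is an added example written for this page; it is not code from the thread, from Nessus, or from the ModSecurity project. It shows the Apache core directive, the mod_rewrite form, and the ModSecurity 1.x and 2.x rule syntax side by side. The ModSecurity rule id 900001 is a placeholder chosen here; the 1.x and 2.x blocks are alternatives, because each module version rejects the other's directives.

```apache
# Added example: four ways to refuse TRACE and TRACK on Apache httpd.
# Blocks 1 and 2 can be combined. Load only ONE of 3a/3b, matching the
# ModSecurity version actually installed (1.x on Apache 1.3, 2.x on Apache 2).

# 1) Apache core, no extra module (httpd 1.3.34+, 2.0.55+, all 2.2 and 2.4).
#    The server answers TRACE with 405 Method Not Allowed before any
#    handler runs. TRACK is an IIS method; Apache has no handler for it.
TraceEnable off

# 2) mod_rewrite, as in the Nessus advice. RewriteRules in the main server
#    context are not inherited by <VirtualHost> blocks unless the vhost has
#    "RewriteOptions inherit", so either put these three lines in every
#    vhost or add that option to each vhost. A scan that still reports
#    TRACE after adding the rule only in httpd.conf is a common symptom.
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)$
RewriteRule .* - [F,L]

# 3a) ModSecurity 1.x (e.g. 1.9 on Apache 1.3). REQUEST_METHOD is a
#     filter location; the per-rule actions override SecFilterDefaultAction.
SecFilterEngine On
SecFilterSelective REQUEST_METHOD "^(TRACE|TRACK)$" "deny,log,status:405"

# 3b) ModSecurity 2.x (Apache 2.x only). phase:1 inspects request headers,
#     so the method is rejected before the body is read. id 900001 is a
#     placeholder for this example; pick an id in your own reserved range.
SecRuleEngine On
SecRule REQUEST_METHOD "^(?:TRACE|TRACK)$" \
    "phase:1,id:900001,t:none,log,deny,status:405,msg:'TRACE/TRACK method blocked'"
```

After reloading Apache, re-run the same scanner plugin (Nessus ID 11213 above) against each virtual host rather than only the default host, and confirm in the access or modsec audit log that the TRACE request is logged with the 405 (or 403 for the rewrite rule) rather than a 200.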