Re: [mod-security-users] TRACK|TRACE Problem/Question

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

The directives that you use are not ModSecurity directives. If you want
to block TRACK and TRACE, you can use the Core Rule Set available with
ModSecurity 2.x. It will probably block a handful of other Nessus attack
vectors.

=20

~ Ofer

=20

From: mod...@li...
[mailto:mod...@li...] On Behalf Of
Christopher J Bidwell
Sent: Tuesday, August 14, 2007 2:06 AM
To: mod...@li...
Subject: [mod-security-users] TRACK|TRACE Problem/Question

=20

Hi all, I'm  new to this list so please bare with me on any questions
which may be redundant to any previously asked questions.=20

I have two questions:=20

1. Is there a way that I can get modsecurity2 to work with apache1?  =20

2. I'm currently using modsecurity1.9 with apache1 and would like to
know the syntax to block this (which is a result of a nessus scan).=20
        I've added the sequence:=20

RewriteEngine on=20
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)=20
RewriteRule .* - [F]=20

        And get no change in the result of a vulnerability scan.  Any
help would be greatly appreciated.=20

HTTP TRACE Method Enabled=20

Synopsis :=20

Debugging functions are enabled on the remote HTTP server.=20

Description :=20

The remote webserver supports the TRACE and/or TRACK methods. TRACE and
TRACK=20
are HTTP methods which are used to debug web server connections.=20

It has been shown that servers supporting this method are subject to=20
cross-site-scripting attacks, dubbed XST for "Cross-Site-Tracing", when=20
used in conjunction with various weaknesses in browsers.=20

An attacker may use this flaw to trick your legitimate web users to give

him their credentials.=20

Solution :=20

Disable these methods.=20

See also :=20

http://www.kb.cert.org/vuls/id/867593=20

Risk factor :=20

Low / CVSS Base Score : 2=20
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)=20
Solution :=20

Add the following lines for each virtual host in your configuration file
:=20

RewriteEngine on=20
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)=20
RewriteRule .* - [F]=20

Plugin output :=20

The server response from a TRACE request is :=20

TRACE /Nessus19976.html HTTP/1.1=20
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png,
*/*=20
Accept-Charset: iso-8859-1,*,utf-8=20
Accept-Language: en=20
Connection: Keep-Alive=20
Host: #########.###.###.###=20
Pragma: no-cache=20
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)=20

CVE : CVE-2004-2320, CVE-2004-2320, CVE-2004-2320=20
BID : 9506, 9561, 11604, 9506, 9561, 11604, 9506, 9561, 11604=20

Nessus ID : 11213=20
----------------
Thanks,

Chris