trung d. asked ·

AppMon 6.5.0.1289 How to disable HTTP TRACE method?

DIAGNOSIS

The remote Web server supports the TRACE and/or TRACK HTTP methods, which makes it easier for remote attackers to steal cookies and authentication credentials or bypass the HttpOnly protection mechanism. Track / Trace are required to be disabled to be PCI compliant.

CONSEQUENCE

If this vulnerability is successfully exploited, attackers can potentially steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism.

How do I disable the HTTP TRACE method on my Dynatrace server ports 8040, 8041, 8042, 8043?

Thank you for your time.

security
1 comment

Hi Trung,

Are you able to fix this issue? Can you please let us know if you got any fix?

Thanks,

Tarun


1 Answer

trung d. answered ·

Upgrade AppMon to 7.2 and the problem is fixed.

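To confirm the finding is gone after the upgrade, the following added example (not part of the original thread and not Dynatrace tooling) sends TRACE and TRACK to each port named in the question and reports whether the server echoes the request back. The marker header name, the function names and the decision to skip certificate verification when `use_tls=True` are assumptions; the thread does not say which of the ports use TLS.

```python
import http.client
import ssl

MARKER = "X-Trace-Check"  # constructed header name, used only to detect an echo

def classify(status, body, marker_value):
    """Return 'enabled', 'disabled' or 'inconclusive' for one TRACE/TRACK reply."""
    if status == 200 and marker_value in body:
        return "enabled"       # the server reflected our request headers
    if status in (403, 405, 501):
        return "disabled"      # method refused or not implemented
    return "inconclusive"      # e.g. a 200 without echo, or a redirect

def probe(host, port, method="TRACE", use_tls=False, timeout=5):
    """Send one TRACE or TRACK request and classify the answer."""
    marker_value = "probe-%d" % port
    if use_tls:
        # Assumption: the server certificate may be self-signed, so
        # verification is switched off for this check only.
        ctx = ssl.create_default_context()
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, "/", headers={MARKER: marker_value})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1", "replace")
        return classify(resp.status, body, marker_value)
    except (OSError, http.client.HTTPException):
        return "unreachable"
    finally:
        conn.close()

def audit(host, ports=(8040, 8041, 8042, 8043), use_tls=False):
    """Check both methods on every port listed in the question."""
    return {(p, m): probe(host, p, m, use_tls)
            for p in ports for m in ("TRACE", "TRACK")}
```

Run `audit("your-appmon-host")` before and after the upgrade; every entry should read `disabled` (or `unreachable` for a closed port) once the fix is in place.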