Thursday, October 02, 2008

nessus and its findings

I just installed nessus (only yesterday) and spent some time doing a basic configuration and reading a bit about how it is configured and how to scan. After running a few initial scans, today I decided to scan the whole network to see what I would find, and this is something it spat out:

Warning:
Your webserver supports the TRACE and/or TRACK methods. TRACE and TRACK
are HTTP methods which are used to debug web server connections.
It has been shown that servers supporting this method are subject
to cross-site-scripting attacks, dubbed XST for
"Cross-Site-Tracing", when used in conjunction with
various weaknesses in browsers.
An attacker may use this flaw to trick your
legitimate web users to give him their
credentials.
Solution: Disable these methods.
If you are using Apache, add the following lines for each virtual
host in your configuration file :
RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]


So, I'm going to go check the Apache servers with SSL that I have ;)
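To confirm that the rewrite rule from the Nessus report took effect on each Apache/SSL server you administer, a check along these lines can be run before and after the change. It is an added example, not part of the original post; the header name X-Trace-Check, the function names and the sample replies are assumptions made for illustration.

```python
import http.client
import ssl
import uuid

def classify(status, body, marker):
    """Interpret the reply to a TRACE/TRACK probe."""
    if status == 200 and marker in body:
        return "enabled"       # request echoed back: the method is active
    if status in (403, 405, 501):
        return "disabled"      # 403 is what RewriteRule .* - [F] produces
    return "inconclusive"      # e.g. a 200 page that does not echo the probe

def probe(host, port=443, use_tls=True, method="TRACE", timeout=5):
    """Send one TRACE/TRACK request carrying a random marker header."""
    marker = uuid.uuid4().hex
    if use_tls:
        # Default context verifies certificates; a self-signed internal
        # certificate is reported as an error by audit() below.
        ctx = ssl.create_default_context()
        conn = http.client.HTTPSConnection(host, port, timeout=timeout, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request(method, "/", headers={"X-Trace-Check": marker})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")
        return classify(resp.status, body, marker)
    finally:
        conn.close()

def audit(hosts, **kwargs):
    """Probe both methods on every host; each virtual host needs its own check."""
    results = {}
    for host in hosts:
        for method in ("TRACE", "TRACK"):
            try:
                results[(host, method)] = probe(host, method=method, **kwargs)
            except (OSError, http.client.HTTPException) as exc:
                results[(host, method)] = f"error: {exc}"
    return results

# Constructed sample replies (not captured from a real server).
SAMPLES = [
    (200, "TRACE / HTTP/1.1\r\nX-Trace-Check: abc123\r\n", "abc123"),
    (403, "<h1>Forbidden</h1>", "abc123"),
]

if __name__ == "__main__":
    for status, body, marker in SAMPLES:
        print(status, classify(status, body, marker))
```

Because the report says to add the rule for each virtual host, pass every virtual host name to audit() rather than just one address per machine.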
