[ale] Status 302 instead of 405 HTTP

Lightner, Jeff jlightner at water.com
Fri Sep 24 14:05:04 EDT 2010


Nessus picked up TRACE/TRACK vulnerability in a recently loaded web
server.

The fix is to either (old) add ReWrite rules or (new) add "TraceEnable
off" to the httpd.conf. (I did the latter.)

On delving into this I found a couple of articles that suggest I should
be able to see the vulnerability doing a telnet to the web server as
shown below. Instead I'm getting a 302 due to an existing ReWrite rule
that redirects all traffic to a specific web page on the server.
Obviously Nessus is seeing beyond the rewrite and getting the
information. Is there something I could do in a telnet session that
would let me see beyond it? (The idea being to test it myself before
and after the change to httpd.conf without having to run a full Nessus
scan.)

telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
TRACE / HTTP/1.1
Host: 127.0.0.1
(Here Press ENTER twice)

This should show something like:

HTTP/1.1 200 OK
Date: Thu, 22 Apr 2010 10:36:58 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: 127.0.0.1

Connection closed by foreign host.

But instead shows:

HTTP/1.1 302 Found
Date: Fri, 24 Sep 2010 17:57:25 GMT
Server: Apache
Location: http://www.mydomain.com/
Content-Length: 206
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.mydomain.com/">here</a>.</p>
</body></html>
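
An added example, not part of the original post: a small Python check that sends the same TRACE request as the telnet session above and classifies the reply, so the before/after test can be repeated without a full scan. The function names and verdict strings are assumptions made for this sketch, the sample responses are constructed from the ones quoted in the message, and the 405 case is the status named in the subject line.

```python
import socket

def trace_probe(host, port=80, timeout=5.0):
    """Send 'TRACE / HTTP/1.1' as in the telnet session and return the raw reply."""
    request = f"TRACE / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("iso-8859-1")

def classify_trace_response(raw):
    """Return a verdict string (hypothetical labels) for a raw HTTP reply to TRACE."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    parts = lines[0].split()
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "unparseable"
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    echoed = body.lstrip().upper().startswith("TRACE ")
    if status == 200 and headers.get("content-type", "").lower().startswith("message/http") and echoed:
        return "trace-enabled"      # server echoed the request back
    if status == 405:
        return "trace-rejected"     # method refused
    if 300 <= status < 400:
        return "redirected"         # reply came from a redirect, not from TRACE handling
    return f"other:{status}"

# Constructed samples, modelled on the two replies quoted in the message.
SAMPLE_200 = ("HTTP/1.1 200 OK\r\nServer: Apache\r\nConnection: close\r\n"
              "Content-Type: message/http\r\n\r\nTRACE / HTTP/1.0\r\nHost: 127.0.0.1\r\n\r\n")
SAMPLE_302 = ("HTTP/1.1 302 Found\r\nServer: Apache\r\nLocation: http://www.mydomain.com/\r\n"
              "Content-Type: text/html; charset=iso-8859-1\r\n\r\n<html>302 Found</html>")
SAMPLE_405 = "HTTP/1.1 405 Method Not Allowed\r\nServer: Apache\r\nAllow: GET\r\n\r\n"

if __name__ == "__main__":
    for name, raw in (("200", SAMPLE_200), ("302", SAMPLE_302), ("405", SAMPLE_405)):
        print(name, "->", classify_trace_response(raw))
```

To check a live server you administer, pass the output of `trace_probe("127.0.0.1")` to `classify_trace_response`.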