Project

General

Custom queries

Profile

Actions
Copy link

Bug #14667

closed

Disable TRACE in Apache

Added by Brian Shaw about 9 years ago. Updated over 7 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
External modules
Target version:
-
Difficulty:
trivial
Triaged:
Bugzilla link:
1271144
Pull request:
https://github.com/theforeman/foreman-installer/pull/236
Fixed in Releases:
Found in Releases:
Foreman - 1.10.2
Red Hat JIRA:

Description

TRACE should be disabled in Apache per CERT Vulnerability Note VU#867593 (http://www.kb.cert.org/vuls/id/867593)

The attached patch file disables TRACE, ServerSignature, and minimizes ServerTokens to reduce the gathering of attack vector data in a production environment.

Files

httpd.conf-p0.patch httpd.conf-p0.patch 442 Bytes TRACE patch Brian Shaw, 04/15/2016 10:25 AM
#1

Updated by Brian Shaw about 9 years ago

#2

Updated by Dominic Cleal about 9 years ago

  • Project changed from Foreman to Installer
  • Category changed from Security to External modules
  • Status changed from New to Feedback
#4

Updated by Dominic Cleal about 9 years ago

  • Status changed from Feedback to Rejected
#5

Updated by Tomer Brisker almost 8 years ago

  • Status changed from Rejected to Closed
  • Pull request https://github.com/theforeman/foreman-installer/pull/236 added
#6

Updated by Tomer Brisker over 7 years ago

  • Bugzilla link set to 1271144
Actions
Copy link

Also available in: Atom PDF