Untangle 6.2 runs on Debian Lenny.
Debian 5.0 (Lenny) configures Apache 2 to use /etc/apache2/conf.d as a configuration directory by default. Any files in this directory with an extension of .conf will be executed by the Apache2 service when it loads. Feel free to create your own file in that directory, and make all the adjustments you want.
Also, I should point out that this vulnerability appears to only work on the HTTP service. It does not seem to affect the HTTPS service. So this issue exposes only the internal management. I have run Nessus scans on all my devices and not seen this issue from the outside.
*update*
An updated Nessus scan on my internal interface of UT (I've never checked this before) reveals the trace vulnerability specifically on the HTTP service running on port 80. I'll work on a configuration file to deal with the adjustments in the morning. It really shouldn't be that hard to turn the trace feature off. Also, I repeat that this issue is on the INTERNAL HTTP management only, and doesn't constitute an exterior vulnerability.
Also, if you want to get this picky about it, the DNS server shows a DNS Server Cache Snooping Information Disclosure vulnerability as well.
Last edited by sky-knight; 07-02-2009 at 10:45 PM.
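A conf.d drop-in that turns TRACE off, with a check of the result, as an added example that is not part of the original post. The file name `disable-trace.conf`, the function names and the reload commands in the comments are assumptions; `TraceEnable` is Apache's own directive.

```shell
#!/bin/sh
# Added example, not from the post: disable HTTP TRACE via a conf.d drop-in
# and verify it. CONF_DIR is the directory named in the post; CONF_NAME is
# an assumed file name.
CONF_DIR="${CONF_DIR:-/etc/apache2/conf.d}"
CONF_NAME="disable-trace.conf"

# Write the drop-in. With "TraceEnable off" Apache answers TRACE with
# 405 Method Not Allowed instead of echoing the request back.
write_trace_conf() {
    dir="${1:-$CONF_DIR}"
    printf '%s\n' '# Disable the HTTP TRACE method' \
                  'TraceEnable off' > "$dir/$CONF_NAME"
}

# Print the last TraceEnable value set by files in the conf directory,
# lowercased, or "unset" (Apache's default is on). Only this directory
# is inspected; the main apache2.conf is not.
effective_trace_setting() {
    dir="${1:-$CONF_DIR}"
    val=$(for f in "$dir"/*; do
              if [ -f "$f" ]; then cat "$f"; fi
          done \
        | sed -n 's/^[[:space:]]*[Tt]race[Ee]nable[[:space:]]\{1,\}\([A-Za-z]*\).*/\1/p' \
        | tail -n 1 | tr 'A-Z' 'a-z')
    echo "${val:-unset}"
}

# Map the HTTP status returned for a TRACE request to a verdict.
classify_trace_status() {
    case "$1" in
        200) echo "enabled" ;;    # request was echoed back
        405) echo "disabled" ;;   # Method Not Allowed
        *)   echo "unknown" ;;    # no answer, redirect, auth wall, ...
    esac
}

# Send a TRACE request to a URL and classify the answer (needs curl).
check_trace() {
    code=$(curl -s -o /dev/null -w '%{http_code}' -X TRACE "$1")
    classify_trace_status "$code"
}

# Typical run as root on a stock Debian Apache (assumed to apply to the
# Untangle box as well):
#   write_trace_conf && apache2ctl configtest && /etc/init.d/apache2 reload
#   check_trace http://127.0.0.1/        # expect: disabled
```

Run `check_trace` against the internal HTTP interface on port 80, since that is where the scan reported the finding.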