Mbedthis AppWeb HTTP TRACE Information Disclosure Vulnerability

Mbedthis AppWeb is prone to an information-disclosure vulnerability.

The vulnerability presents itself because the server responds to the HTTP TRACE request by default.

With HTTP TRACE functionality enabled by default, an attacker can compromise user accounts by gaining access to sensitive header information. The attacker may exploit this issue along with other attacks, such as cross-site scripting, to steal cookie-based authentication credentials.
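An administrator can confirm whether a server they operate reflects request headers in response to TRACE with a check like the following. This is an added example, not part of the original advisory; the function names, the dummy cookie name `trace_check`, and the set of refusal status codes are assumptions.

```python
import http.client
import secrets

# Statuses a server commonly returns when TRACE is refused (assumed set).
REFUSED = {403, 405, 501}

def classify_trace_response(status, body, marker):
    """Classify a TRACE response given the unique marker sent in a request header."""
    if status == 200 and marker in body:
        return "enabled"       # request headers were reflected in the body
    if status in REFUSED:
        return "disabled"
    return "inconclusive"      # e.g. 200 without echo, redirect, auth prompt

def probe_trace(host, port=80, use_tls=False, timeout=5.0):
    """Send one TRACE request to a server you administer and classify the reply."""
    marker = secrets.token_hex(8)
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        # A dummy cookie stands in for a session cookie; no real credential is sent.
        conn.request("TRACE", "/", headers={"Cookie": "trace_check=" + marker})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")
        return classify_trace_response(resp.status, body, marker)
    finally:
        conn.close()

if __name__ == "__main__":
    # Constructed sample responses (not captured from a real AppWeb server).
    m = "3f9c2a7be41d0c55"
    echoed = ("TRACE / HTTP/1.1\r\nHost: www.example.test\r\n"
              "Cookie: trace_check=" + m + "\r\n\r\n")
    print(classify_trace_response(200, echoed, m))
    print(classify_trace_response(405, "Method Not Allowed", m))
    print(classify_trace_response(200, "<html>home page</html>", m))
```

An "enabled" result means the Cookie header came back in the response body, which is the disclosure the advisory describes; "inconclusive" results need a manual look at the raw response.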


 

Copyright 2010, SecurityFocus