Forum OpenACS Q&A: TRACE vulnerability in Aolserver?

Collapse
1: TRACE vulnerability in Aolserver?
Posted by Jade Rubick on 01/23/03 01:11 AM
I asked on the Aolserver list but haven't received an answer yet. Has anybody looked into whether Aolserver is vulnerable to the newly revealed TRACE vulnerability?

http://www.boarder.org/WH-WhitePaper_XST_ebook.pdf

Collapse
2: Re: TRACE vulnerability in Aolserver? (response to 1)
Posted by Jon Griffin on 01/23/03 01:31 AM
The easy answer is no. AOLserver doesn't respond because it doesn't use HTTP 1.1.

This may change in version 4.x I am not sure.