Monday, 3 July 2017

HTTP TRACE / TRACK Methods Enabled (CVE-2004-2320, CVE-2010-0386, CVE-2003-1567)

Threat: "The remote Web server supports the TRACE and/or TRACK HTTP methods, which makes it easier for remote attackers to steal cookies and authentication credentials or bypass the HttpOnly protection mechanism.
TRACK / TRACE are required to be disabled for PCI compliance."

Impact: If this vulnerability is successfully exploited, attackers can potentially steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism.

Solution: Disable these methods in your web server's configuration file.

Fix: echo "TraceEnable off" >> /etc/httpd/conf/httpd.conf

Then restart the Apache service.

Disable TLSv1.0 and enable the TLSv1.2 protocol in Apache

Disable the use of TLSv1.0 protocol in favor of a cryptographically stronger protocol such as TLSv1.2.

The following openssl command can be used to do a manual test:
openssl s_client -connect ip:port -tls1

If the test is successful, then the target supports TLSv1.

[root@test ~]# grep SSLProtocol /etc/httpd/conf.modules.d/ssl.conf
#  SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
  SSLProtocol TLSv1.2
[root@test ~]#
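
To confirm both fixes from the configuration side, the script below (an added example, not part of the original post) reads the effective TraceEnable and SSLProtocol directives from config text, ignoring commented-out lines. The function names and sample files are constructed for illustration; it assumes the last uncommented directive in a single file wins and does not follow Include lines or per-virtual-host overrides.

```sh
#!/bin/sh
# Added example: offline audit of Apache config text for the two fixes above.

# Last uncommented TraceEnable value, or "unset" (Apache then defaults to on).
trace_setting() {
    awk 'tolower($1) == "traceenable" { v = tolower($2) }
         END { if (v == "") v = "unset"; print v }' "$1"
}

# TLSv1.0 state from the last uncommented SSLProtocol line: enabled, disabled
# or unset. A bare token replaces the protocol set; +/- tokens add or remove.
tls10_setting() {
    awk 'tolower($1) == "sslprotocol" {
             seen = 1; on = 0
             for (i = 2; i <= NF; i++) {
                 t = tolower($i); sign = ""
                 if (t ~ /^[+-]/) { sign = substr(t, 1, 1); t = substr(t, 2) }
                 hit = (t == "all" || t == "tlsv1")
                 if (sign == "-") { if (hit) on = 0 }
                 else if (sign == "+") { if (hit) on = 1 }
                 else on = hit
             }
         }
         END { r = "unset"; if (seen) r = (on ? "enabled" : "disabled"); print r }' "$1"
}

# Exit 0 only when TRACE is off and TLSv1.0 is not enabled.
audit() {   # usage: audit <httpd.conf> <ssl.conf>
    t=$(trace_setting "$1"); p=$(tls10_setting "$2")
    echo "TraceEnable: $t; TLSv1.0: $p"
    [ "$t" = "off" ] && [ "$p" = "disabled" ]
}

# Constructed sample files, not taken from a real host.
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'ServerName test' 'TraceEnable off' > "$d/httpd.conf"
    printf '%s\n' '#  SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1' \
        '  SSLProtocol TLSv1.2' > "$d/ssl.conf"
    audit "$d/httpd.conf" "$d/ssl.conf" && echo "PASS" || echo "FAIL"
    rm -rf "$d"
}
demo
```

A result of "unset" for either directive means the server default applies, so treat it as a finding to review and not as a pass.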