Cross-site tracing

It s a network security vulnerability exploiting the HTTP TRACE method.

XST scripts exploit ActiveX, Flash, Java or any other controls that allow executing an HTTP TRACE request.

The HTTP TRACE response includes all the HTTP headers including authentication data and HTTP cookie contents, which are then available to the script.

In combination with cross domain access flaws in web browsers, the exploit is able to collect the cached credentials of any web site, including those utilizing SSL.

Read the rest of the article here

You are reading page 1 of 1

Have you read these related articles?

News
Special reports
Techtionary
Events
Podcasts
TechDealsPro
Software

HP New Procurve Range Takes On Cisco With The Help of Colubris Networks

HP ProCurve on Monday announced the integration of the entire product range of Colubris Networks, a company acquired by HP recently, into ...

Converged communication networks : What you need to know

With the growth of converged communication networks and its spread to the SME’s, it is important to be aware of pitfalls ...

New TCP/IP stack flaws pose serious DDOS attack risk

Whilst scanning the wires for security news, I came across a report on the Scandinavian wires that a couple of researchers there ...

Unified Communications : Are you Ready?
In this white paper you’ll learn how two of the most respected industry analysts define unified communications and why organizations are ...

Application Virtualisation : An Application for the 21st Century
In decoupling applications from the desktop operating system to run independently from the main OS, IT Professionals can negate registry cleanouts and ...

Scalability
In telecommunications and software engineering, scalability is a desirable property of a system, a network, or a process, which indicates its ability ...

Neural network
Traditionally, the term neural network had been used to refer to a network or circuit of biological neurons

Load balancing

In computer networking, Load Balancing is a technique to spread work between two or more computers, network links, CPUs, hard drives, or ...

Storage area network
In computing, a storage area network (SAN) is an architecture to attach remote computer storage devices to servers

Extensible Authentication Protocol (EAP)

It is a universal authentication framework frequently used in wireless networks and Point-to-Point connections. It is defined by RFC 3748

Gartner Wireless & Mobile Summit

23-24 April 2008 | London | Royal Lancaster Hotel

Gartner Enterprise Networking & Communications Summit

23-24 April 2008, Royal Lancaster Hotel, London

Enterprise IP VPN (Secure Site to Site & Remote Access) 2008 Forum
12th March, Inmarsat Conference Centre, London

John Sheedy : End point security in focus
Straight from the expert's mouth

D-Link DNS 313 1-Bay Network Storage Enclosure, £66.99
A NAS with Serial ATA-150 and Gigabit Ethernet

D-Link AirPlus DSL-924 Wireless Router Kit, £24.98 delivered
The D-Link DSL-924 kit includes DSL-G624T wireless ADSL router and DWL-G122 Wireless USB Adapter

Netgear ProSafe GS116 16-port Gigabit Switch, only £99.87

Moves huge files fast! Features 16 high-speed, auto-switching 10/100/1000 Mbps Ethernet connections

Plexus 10/100/1000 Mbps Network Interface Card, £6.98

Give a boost to your network speed

Belkin ADSL Modem with built in 125g Wireless Router, £34.99 delivered
Superb Speed, Top notch brand

Total Network Monitor 1.0

Total Network Monitor is a software for the continuous control over the performance of your network, separate computers, network and system utilities ...

LanFlow Net Diagrammer 6.07.2024

LanFlow is a drawing tool for laying out, designing, and documenting a network, LAN, internet,vector or other communications system

Posted by Desire Athow on 06 June 2008

Désiré Athow is the Content Editor for ITProportal.com and has been writing tech articles for nearly a decade. You can follow him on Twitter.

Tags: Networks

Newsletter:

To become a member of ITProPortal Register here.

Cross-site tracing

iPhone

Netbooks

Yahoo's Downfall