{}

Nossas Marcas

0 a contagem de itens de documentos
Impact-Company-Logo-English Black-01-177x54
Meus produtos O total de itens no carrinho é de 0 Meus Documentos O total de itens no carrinho é de 0
Impact-Company-Logo-English Black-01-177x54

Bem-vindo ao website da Schneider Electric

Bem-vindo ao nosso site.
Suporte
Pesquisar perguntas frequentes
FA159683
Como podemos ajudar você hoje?
Is PowerChute Network Shutdown vulnerable to Cross Site Tracing (XST)?

Issue:
Is PowerChute Network Shutdown vulnerable to Cross Site Tracing (XST)?

Product:
PowerChute Network Shutdown

Environment:
All support OS

Cause:
Jetty web server

Solution:

The PCNS application is hosted on a Jetty Web Server. By default Jetty appears to have the HTTP TRACE method enabled.

In earlier versions of PowerChute (prior to 4.0), in response to an HTTP OPTIONS request the Jetty Web Server lists TRACE as an available option. However the TRACE method is blocked by the PCNS application.

HTTP/1.1 405 Method Not Allowed is sent in response to any TRACE request. Therefore PCNS is not vulnerable to CrossSite Tracing.

Cross site tracing (XST) is a vulnerability exploiting the HTTP TRACE method.
Further information can be found here:

http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf

Publicado para:Schneider Electric Brasil

Conheça mais
Linha:
PowerChute Network Shutdown
Artigos que podem ser úteis
Mostrar mais artigosshow more
Conheça mais
Linha:
PowerChute Network Shutdown