Is PowerChute Network Shutdown vulnerable to Cross Site Tracing (XST)? | Schneider Electric Singapore

0 item count of documents is

My Products Item count in basket is 0 My Documents Item count in basket is 0

Support

Search FAQs

FA159683

How can we help you today?

Is PowerChute Network Shutdown vulnerable to Cross Site Tracing (XST)?

Issue:
Is PowerChute Network Shutdown vulnerable to Cross Site Tracing (XST)?

Product:
PowerChute Network Shutdown

Environment:
All support OS

Cause:
Jetty web server

Solution:

The PCNS application is hosted on a Jetty Web Server. By default Jetty appears to have the HTTP TRACE method enabled.

In earlier versions of PowerChute (prior to 4.0), in response to an HTTP OPTIONS request the Jetty Web Server lists TRACE as an available option. However the TRACE method is blocked by the PCNS application.

HTTP/1.1 405 Method Not Allowed is sent in response to any TRACE request. Therefore PCNS is not vulnerable to CrossSite Tracing.

Cross site tracing (XST) is a vulnerability exploiting the HTTP TRACE method.
Further information can be found here:

http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf

Released for: Schneider Electric Singapore

Published on:13/08/2012Last Modified on:07/07/2025

Range:

PowerChute Network Shutdown

Range:

PowerChute Network Shutdown

Need help?

Product Selector

Quickly and easily find the right products and accessories for your applications.
Get a Quote

Start your sales enquiry online and an expert will connect with you.
Where to buy?

Easily find the nearest Schneider Electric distributor in your location.
Help Centre

Find support resources for all your needs, in one place.

Product Documentation
Software Downloads
Product Selector
Product Substitution and Replacement

Contact Support
Find our Offices
Get a Quote
Where to buy

Careers
Company Profile
Report a misconduct
Accessibility
Newsroom
Investors

EcoStruxure
Job Search
Blog

Legal Information
Privacy Policy
Cookie Notice
Terms of use
Change your cookie settings