Uploaded image for project: 'Sentry (Retired)'
  1. Sentry (Retired)
  2. SENTRY-2068

Disable HTTP TRACE method from the Sentry Web Server

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 1.8.0
    • 2.0.0
    • Sentry
    • None

    Description

      The HTTP TRACE method is normally used to return the full HTTP request back to the requesting client for proxy-debugging purposes. An attacker can create a webpage using XMLHTTP, ActiveX, or XMLDOM to cause a client to issue a TRACE request and capture the client's cookies. This effectively results in a Cross-Site Scripting attack.

      We should disable the HTTP TRACE method from the Web Server.

      Attachments

        1. SENTRY-2068.1.patch
          3 kB
          Sergio Peña
        2. SENTRY-2068.2.patch
          7 kB
          Sergio Peña

        Issue Links

          Activity

            People

              spena Sergio Peña
              spena Sergio Peña
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Slack

                  Issue deployment