Vulnerability scan revealed the HTTP Track/Trace method is being enabled for PAM Proxy


Article ID: 252244


Products

CA Privileged Access Manager (PAM)

Issue/Introduction

A vulnerability scan revealed that the HTTP TRACK/TRACE method is enabled for the web service running on port 27077. A local or remote unprivileged user may be able to abuse the HTTP TRACE/TRACK functionality to gain access to sensitive information in HTTP headers when making HTTP requests. See https://cwe.mitre.org/data/definitions/16.html

Environment

Release: 4.0.3

Cause

The HTTP TRACK/TRACE method is enabled for the web service running on port 27077.

Resolution

File a support case requesting a WindowsProxy related hotfix. Attach the vulnerability scan report to that support case.
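
To reproduce the scanner finding for the support case and to confirm the result once the hotfix is installed, a check along the following lines can be used. This is an added example, not Broadcom's code; the `X-Trace-Check` header name, the status codes treated as "disabled", the choice of plain HTTP by default and the sample responses are assumptions made for illustration.

```python
import http.client
import sys
import uuid

# Constructed sample responses (status, body) for offline checking of classify().
SAMPLE_ECHO = (200, "TRACE / HTTP/1.1\r\nHost: proxy\r\nX-Trace-Check: abc123\r\n\r\n")
SAMPLE_REJECTED = (405, "Method Not Allowed")
SAMPLE_NO_ECHO = (200, "<html>OK</html>")

def classify(status, body, marker):
    """Return 'enabled', 'disabled' or 'inconclusive' for one TRACE/TRACK reply."""
    if status == 200 and marker in body:
        return "enabled"        # the server echoed our request headers back
    if status in (400, 403, 405, 501):
        return "disabled"       # method rejected or not implemented
    return "inconclusive"       # e.g. 200 without an echo, a redirect, a 5xx

def probe(host, port=27077, method="TRACE", use_tls=False, timeout=5):
    """Send one request carrying a random marker header and classify the reply."""
    marker = uuid.uuid4().hex
    conn_cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = conn_cls(host, port, timeout=timeout)
    try:
        conn.request(method, "/", headers={"X-Trace-Check": marker})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")   # cap the read; echo is small
        return classify(resp.status, body, marker)
    finally:
        conn.close()

if __name__ == "__main__":
    # Usage: python trace_check.py <proxy-host>   (host name supplied by the operator)
    target = sys.argv[1]
    results = {m: probe(target, method=m) for m in ("TRACE", "TRACK")}
    for method, verdict in results.items():
        print(f"{method} on {target}:27077 -> {verdict}")
    # Non-zero exit if either method is still echoing request headers.
    sys.exit(1 if "enabled" in results.values() else 0)
```

A random marker is used so that a generic 200 page is not mistaken for a header echo; an "inconclusive" result should be compared against the scanner's own evidence.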

Additional Information

None.