Customer's vulnerability scan that calls the vulnerability (HTTP TRACE Method Enabled - CWE 16) for PAM port 9092. The HTTP TRACE method is normally used to return the full HTTP request back to the requesting client for proxy-debugging purposes. A local or remote unprivileged user may be able to abuse the HTTP TRACE/TRACK functionality to gain access to sensitive information in HTTP headers when making HTTP requests. https://cwe.mitre.org/data/definitions/16.html
Release : 4.0
A local or remote unprivileged user may be able to abuse the HTTP TRACE/TRACK functionality to gain access to sensitive information
Upgrade to PAM version 4.0.1 and above, where Port 9092 has been disabled.
None.