RelateIQ: TRACE disclosure attack may be possible

2014-03-19T23:20:32
ID H1:4409
Type hackerone
Reporter eronx
Modified 2014-07-25T20:58:25

Description

I have tried to check if Cross Site Tracing is possible, fired up my command line and curl -X TRACE www.relateIQ.com.

The response may not actually shows it is vulnerable, but it is not as well a message for properly configured " no " to Cross Site Tracing attack.

Kindly check it sir.

Thank you very much.

For more information: https://www.owasp.org/index.php/Cross_Site_Tracing

Clifford