"TRACE" http method is enabled #1

ksingh3 / MediaWiki

This repo containerize mediawiki application along with mariadb and apache. Helm charts setup here installs the application and database and also help in rolling out updates.

0 stars 0 forks source link

"TRACE" http method is enabled #1 #1

Open conf-test opened 3 years ago

conf-test commented 3 years ago

Hi,

I'm security researcher. Thank you for providing this useful docker image! After I set it up, I found the "TRACE" http method are enabled in this repo. This seems to be not recommended as https://www.acunetix.com/vulnerabilities/web/trace-method-is-enabled/ and you can fix with https://www.techstacks.com/howto/disable-tracetrack-in-apache-httpd.html.

If you want, I can create a pull request to help fix it. Please let me what you think. Thanks!

Best, ~cf

ksingh3 commented 3 years ago

Hi,

Yeah sure, please create a pull request. Thanks