2 Replies Latest reply: Feb 20, 2014 4:14 PM by signaldecay
William Bowden1 Level 1 (35 points)
Thinking caps on
My server keeps failing PCI security checks because port 8008 has a TRACE vulnerability

tested myself


HTTP/1.1 200 OK
Content-Length: 18
Accept-Ranges: bytes
Server: Twisted/8.2.0 TwistedWeb/8.2.0
Last-Modified: Sat, 27 Feb 2010 13:33:53 GMT
DAV: 1, access-control
ETag: "4534C-88-4B891F41"
Date: Tue, 08 Mar 2011 14:37:07 GMT
Content-Type: message/http
Connection: close

Connection closed by foreign host.

now the web servers apache this TRACE is disabled but ical uses the calendarserve a python based system that runs its own Apache .

So any ideas how to disable TRACE and TRACK in iCal server

MacBook, Mac OS X (10.6.6)