Cross Site Tracing
Variants: Direct
Also Known As: HTTP TRACE-TRACK Abuse, TRACE header reflection
Vector Type: Exploitation Method
Relevance: Generic
Layer: Web-Infrastructure-Level
Platforms: Any
Target Type: Web Application
Affected Mechanisms: Web Server Configuration
Invented In: 20/01/2003
Added In: 30/12/2014
Vector Operation Method:
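Abuse the HTTP TRACE or TRACK methods to bypass HttpOnly restrictions and gain access to cookies and other sensitive header data from malicious JavaScript executed in the user's context. The server reflects the headers of the request it received back in its response, so values that HttpOnly hides from scripts become readable in the response.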