CAPEC-107
Description
Cross Site Tracing (XST) enables an adversary to steal the victim's session cookie and possibly other authentication credentials transmitted in the header of the HTTP request when the victim's browser communicates to a destination system's web server.
Prerequisites
HTTP TRACE is enabled on the web server
The destination system is susceptible to XSS or an adversary can leverage some other weakness to bypass the same origin policy
Scripting is enabled in the client's browser
HTTP is used as the communication protocol between the server and the client
Mitigations
Administrators should disable support for HTTP TRACE at the destination's web server. Vendors should disable TRACE by default.
Patch web browser against known security origin policy bypass exploits.
Skills Required
[Medium] Understanding of the HTTP protocol and an ability to craft a malicious script