Mantis Bug Tracker

View Issue Details

ID: 0008760
Project: ProcessMaker [Community]
Category: 1.C . . . . OS & System Configuration
View Status: public
Date Submitted: 2012-03-16 11:18
Last Update: 2012-12-12 11:26
Reporter: amosbatto
Assigned To: erik
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: no change required
Platform:
OS:
OS Version:
Product Version:
Target Version:
Fixed in Version:
Summary: 0008760: Disable TRACE support in Apache to stop cross-site scripting (XSS)

Description: manchesterfan in the forum notes that ProcessMaker is vulnerable to XSS attacks because TRACE support is enabled by default in Apache. See:
http://forum.processmaker.com/viewtopic.php?f=9&t=7214

US-CERT Vulnerability Note VU#867593 - Web servers enable HTTP TRACE method by default:
http://www.kb.cert.org/vuls/id/867593

To fix this, the following line should be added to the pmos.conf file:
  TraceEnable Off

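The following is an added example (not ProcessMaker's installer code and not part of the issue) that shows the vhost fragment the report asks for beside the default that omits it, audits a config text for the effective TraceEnable value, and classifies the reply to a TRACE probe. The host name, document root and the two sample HTTP responses are constructed for the example. Background the report does not spell out: TRACE echoes the whole request back in the response body, Cookie header included, so a page that can issue TRACE reads cookies that HttpOnly was meant to hide (cross-site tracing). With TraceEnable Off, Apache answers TRACE with 405 Method Not Allowed. The directive is valid in server config and virtual host context, so a line in pmos.conf covers that vhost only; putting it in the main httpd.conf covers every vhost on the server.

```shell
#!/bin/sh
# Added example, not code from ProcessMaker or the Mantis issue: audit an
# Apache virtual-host file for the TraceEnable directive and classify the
# reply to a TRACE probe. The host name, document root and the two sample
# HTTP responses below are constructed for this example.

# Apache's default is "TraceEnable On": a TRACE request is echoed back in
# the response body, Cookie header included. This fragment is what the
# issue asks for, a vhost with the directive set to Off, shown beside the
# default that omits it.
VHOST_FIXED='<VirtualHost *:80>
    ServerName processmaker.example.com
    DocumentRoot /opt/processmaker/workflow/public_html
    TraceEnable Off
</VirtualHost>'

VHOST_DEFAULT='<VirtualHost *:80>
    ServerName processmaker.example.com
    DocumentRoot /opt/processmaker/workflow/public_html
</VirtualHost>'

# trace_setting CONFIG_TEXT: print the effective TraceEnable value
# ("on" when the directive is absent; the last occurrence wins, as in
# Apache). Comments are stripped so a commented-out directive does not
# count. On a real file: trace_setting "$(cat /etc/httpd/conf.d/pmos.conf)"
trace_setting() {
    printf '%s\n' "$1" | sed 's/#.*//' \
        | awk 'tolower($1) == "traceenable" { v = tolower($2) }
               END { if (v == "") v = "on"; print v }'
}

# classify_trace_response RESPONSE_TEXT: look at the status line of a
# captured HTTP response. With TraceEnable Off, Apache answers TRACE with
# 405 Method Not Allowed; a 200 means the method is still served.
classify_trace_response() {
    _status=$(printf '%s\n' "$1" | head -n 1 | awk '{ print $2 }')
    case "$_status" in
        200)     printf 'enabled\n' ;;
        405|501) printf 'disabled\n' ;;
        *)       printf 'unknown\n' ;;
    esac
}

# echoes_cookie RESPONSE_TEXT: true when the response body (everything
# after the first blank line) contains a Cookie header, i.e. the server
# reflected the request and a script reading this body would see the
# session cookie. This is the cross-site tracing exposure behind the report.
echoes_cookie() {
    if printf '%s\n' "$1" | sed '1,/^[[:space:]]*$/d' | grep -qi '^cookie:'; then
        return 0
    fi
    return 1
}

# probe_trace HOST: live version of the check (needs curl and network
# access; not run below). The Cookie value is a harmless marker to look
# for in the echo.
probe_trace() {
    _resp=$(curl -s -i -X TRACE -H 'Cookie: xst-probe=1' "http://$1/")
    classify_trace_response "$_resp"
    if echoes_cookie "$_resp"; then
        echo "request echoed back: cookies are readable through TRACE"
    fi
}

# Constructed sample responses, the shape Apache produces in each state.
RESP_ENABLED='HTTP/1.1 200 OK
Content-Type: message/http

TRACE / HTTP/1.1
Host: processmaker.example.com
Cookie: PHPSESSID=constructed-session-id'

RESP_DISABLED='HTTP/1.1 405 Method Not Allowed
Allow: GET,HEAD,POST,OPTIONS
Content-Type: text/html

<p>The requested method TRACE is not allowed for the URL /.</p>'

echo "default vhost: TraceEnable $(trace_setting "$VHOST_DEFAULT")"
echo "fixed vhost:   TraceEnable $(trace_setting "$VHOST_FIXED")"
echo "sample 200 reply: $(classify_trace_response "$RESP_ENABLED")"
echo "sample 405 reply: $(classify_trace_response "$RESP_DISABLED")"
```

After deploying the directive, `probe_trace your-host` (or `curl -i -X TRACE http://your-host/` by hand) should show a 405 and no echoed request; a 200 with your cookie in the body means the change has not taken effect for that vhost.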
Tags: No tags attached.
New Feature Request: No
QA-Test Case ID:
Attached Files: page1.jpg (269,284 bytes) 2012-03-16 12:32
                page2.jpg (228,898 bytes) 2012-03-16 12:33

- Relationships

- Notes
(0018507)
manchesterfan (reporter)
2012-03-16 11:38
edited on: 2012-03-16 13:29

Hi Amos, thanks for doing this.

(0018508)
manchesterfan (reporter)
2012-03-16 13:32

When you get a chance, Amos, feel free to let me know of an ETA for the resolution of this bug. Thanks so very much! : )
(0018526)
fernando (administrator)
2012-03-19 15:48

We are adding this line to the virtual host conf... pmos.conf
(0018909)
erik (administrator)
2012-04-05 16:27
edited on: 2012-04-10 18:33

***NO_CHANGES_REQUIRED***

The suggestion was accepted; our installer and tar & rpm packages will now ship with that rule by default in the virtual host configuration file.


- Issue History
Date Modified Username Field Change
2012-03-16 11:18 amosbatto New Issue
2012-03-16 11:18 amosbatto Status new => assigned
2012-03-16 11:18 amosbatto Assigned To => erik
2012-03-16 11:19 amosbatto Description Updated View Revisions
2012-03-16 11:38 manchesterfan Note Added: 0018507
2012-03-16 11:49 manchesterfan Note View State: 0018507: private
2012-03-16 12:30 manchesterfan Note View State: 0018507: public
2012-03-16 12:30 manchesterfan Note View State: 0018507: private
2012-03-16 12:31 manchesterfan Note View State: 0018507: public
2012-03-16 12:31 manchesterfan Note View State: 0018507: private
2012-03-16 12:32 manchesterfan File Added: page1.jpg
2012-03-16 12:33 manchesterfan File Added: page2.jpg
2012-03-16 12:33 manchesterfan Note View State: 0018507: public
2012-03-16 12:33 manchesterfan Note View State: 0018507: private
2012-03-16 13:29 manchesterfan Note View State: 0018507: public
2012-03-16 13:29 manchesterfan Note Edited: 0018507 View Revisions
2012-03-16 13:32 manchesterfan Note Added: 0018508
2012-03-19 15:48 fernando Note Added: 0018526
2012-03-19 15:48 fernando Status assigned => confirmed
2012-04-05 16:27 erik Note Added: 0018948
2012-04-05 16:27 erik Status confirmed => resolved
2012-04-05 16:27 erik Resolution open => no change required
2012-04-10 18:33 erik Note Edited: 0018909 View Revisions
2012-12-12 11:26 lizalina Status resolved => closed
