Good question. Probably a medium warning that there is broken browsers who can misunderstand the results of TRACE..
You can always disable TRACE to be on the safe side.. it is not a method normally used. acl TRACE method TRACE http_access deny TRACE I have not idea how to even invoke a TRACE from a browser. Have only seen it done with special purpose tools.. Regards Henrik On Friday 07 March 2003 14.48, Victor Jose Hernandez Gomez wrote: > Hi, > > We are using nessus, as a helper app to look for vulnerabilities in > our network. The last version of nessus has shown the warning you > will find in the next lines, attached to the port squid is > listening to, �do you know if it may represent a vulnerability or > it is just a false positive? I am not very sure, as TRACE is not > normaly used. > > Thank you for your help,
