{}

Nos marques

Bienvenue sur le site Web de Schneider Electric

Bienvenue sur notre site Web.
Consulter notre FAQ
Is PowerChute Network Shutdown vulnerable to Cross Site Tracing (XST)?

Issue:
Is PowerChute Network Shutdown vulnerable to Cross Site Tracing (XST)?

Product:
PowerChute Network Shutdown

Environment:
All support OS

Cause:
Jetty web server

Solution:

The PCNS application is hosted on a Jetty Web Server. By default Jetty appears to have the HTTP TRACE method enabled.

In earlier versions of PowerChute (prior to 4.0), in response to an HTTP OPTIONS request the Jetty Web Server lists TRACE as an available option. However the TRACE method is blocked by the PCNS application.

HTTP/1.1 405 Method Not Allowed is sent in response to any TRACE request. Therefore PCNS is not vulnerable to CrossSite Tracing.

Cross site tracing (XST) is a vulnerability exploiting the HTTP TRACE method.
Further information can be found here:

http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf

Schneider Electric Algeria

Is PowerChute Network Shutdown vulnerable to Cross Site Tracing (XST)?

Issue:
Is PowerChute Network Shutdown vulnerable to Cross Site Tracing (XST)?

Product:
PowerChute Network Shutdown

Environment:
All support OS

Cause:
Jetty web server

Solution:

The PCNS application is hosted on a Jetty Web Server. By default Jetty appears to have the HTTP TRACE method enabled.

In earlier versions of PowerChute (prior to 4.0), in response to an HTTP OPTIONS request the Jetty Web Server lists TRACE as an available option. However the TRACE method is blocked by the PCNS application.

HTTP/1.1 405 Method Not Allowed is sent in response to any TRACE request. Therefore PCNS is not vulnerable to CrossSite Tracing.

Cross site tracing (XST) is a vulnerability exploiting the HTTP TRACE method.
Further information can be found here:

http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf

Schneider Electric Algeria

Your browser is out of date and has known security issues.

It also may not display all features of this website or other websites.

Please upgrade your browser to access all of the features of this website.

Latest version for Google Chrome, Mozilla Firefox or Microsoft Edgeis recommended for optimal functionality.
Your browser is out of date and has known security issues.

It also may not display all features of this website or other websites.

Please upgrade your browser to access all of the features of this website.

Latest version for Google Chrome, Mozilla Firefox or Microsoft Edgeis recommended for optimal functionality.