in location

OR

I'm looking for

  • Wholesalers
    • Uncheck All Check All
  • EXPERTISE
    • Expand
    • Expand
    • Expand
    • Uncheck All Check All
  • Switchboard Manufacturers
    • Uncheck All Check All
OR

The best way to see what Clipsal electric products can do for your home is seeing them in action at a Clipsal Powerhouse Display Centre.

Product stock may vary according to location. If you're after a specific product range, please check with your chosen location before visiting.

10 Results
    Load More Load Complete
    Change Location

    Is PowerChute Network Shutdown vulnerable to Cross Site Tracing (XST)?

    Issue:
    Is PowerChute Network Shutdown vulnerable to Cross Site Tracing (XST)?

    Product:
    PowerChute Network Shutdown

    Environment:
    All support OS

    Cause:
    Jetty web server

    Solution:

    The PCNS application is hosted on a Jetty Web Server. By default Jetty appears to have the HTTP TRACE method enabled.

    In earlier versions of PowerChute (prior to 4.0), in response to an HTTP OPTIONS request the Jetty Web Server lists TRACE as an available option. However the TRACE method is blocked by the PCNS application.

    HTTP/1.1 405 Method Not Allowed is sent in response to any TRACE request. Therefore PCNS is not vulnerable to CrossSite Tracing.

    Cross site tracing (XST) is a vulnerability exploiting the HTTP TRACE method.
    Further information can be found here:

    http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf

    Didn’t find what you were looking for?

    Try Searching Again View Our Categories

    Need further assistance?

    Our Customer Care department provides total customer service solutions for our residential, industrial and commercial applications.

    Get Assistance