Medium HTTP TRACE / TRACK Methods Allowed

jintocochin · ‎05-18-2013

Hi Guys..

Recentré I have identifies a Vulnérabilité gap in v-center sevrer thaï si " HTTP TRACE / TRACK Methods Allowed"

I'm look for khat gap fix without version upgrade.. any one can help out this ?

kcoe · ‎05-31-2013

I had a security audit performed and findings pointed out VMware Inventory service was the culprit.

ESXi 5.0.0

server:10080

Here is the output from NMAP, the port is definitely open. Possibly not Apache

Nmap scan report for server

Host is up (0.0079s latency).

PORT STATE SERVICE VERSION

10080/tcp open http Jetty 6.1.24

I have had this issue with several other web servers (IIS, Apache), I am able to remediate these issues on IIS and Apache, but have not found a solution for VMware Inventory Service.

Anyone else seen this issue?

kcoe · ‎05-31-2013

Ticket opened with VMware Technical Support, I will post details once I get more information

kcoe · ‎06-11-2013

VMware Technical Support confirms this issue will be resolved in 5.0.2.

Once I upgrade and rescan these servers, I will report back.