https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/477511#M3912 <P><SPAN>Vulnerability Name:</SPAN><BR /><SPAN>11213:HTTP TRACE / TRACK Methods Allowed</SPAN><BR /><BR /><SPAN>Affected Hosts, Port(s), Vulnerability IDs:</SPAN><BR /><SPAN>Panmigration tool , tcp:80, 11213</SPAN></P> <P>&nbsp;</P> <P><SPAN>I see this Vulnerability on the Expedition Migration tool. Could you please suggest mitigation plan?</SPAN></P> Fri, 01 Apr 2022 08:06:05 GMT ShravanKumar 2022-04-01T08:06:05Z https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/477511#M3912 <P><SPAN>Vulnerability Name:</SPAN><BR /><SPAN>11213:HTTP TRACE / TRACK Methods Allowed</SPAN><BR /><BR /><SPAN>Affected Hosts, Port(s), Vulnerability IDs:</SPAN><BR /><SPAN>Panmigration tool , tcp:80, 11213</SPAN></P> <P>&nbsp;</P> <P><SPAN>I see this Vulnerability on the Expedition Migration tool. Could you please suggest mitigation plan?</SPAN></P> Fri, 01 Apr 2022 08:06:05 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/477511#M3912 ShravanKumar 2022-04-01T08:06:05Z https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/477623#M3915 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/136033">@ShravanKumar</a>&nbsp;httpd is not enabled in Expedition VM, you can try to validate using below command :</P> <P>&nbsp;</P> <P class="p1"><SPAN class="s1">curl -i expedition -X TRACE <A href="http://{yourexpediitonIP}" target="_blank" rel="noopener">http://{yourexpeditionIP}/</A></SPAN></P> <P class="p1">&nbsp;</P> <P class="p1">You should get response back like below:</P> <P class="p1"><SPAN class="s1">curl: (7) Failed to connect to {yourexpeditionIP} port 80: Connection refused</SPAN></P> <P class="p1">&nbsp;</P> Fri, 01 Apr 2022 16:44:05 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/477623#M3915 lychiang 2022-04-01T16:44:05Z https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/478606#M3932 <P>Hi Lychiang,</P> <P>Thanks for the reply. I'm getting below. May I know is this something we can mitigate on the server level? as this is a custom tool?</P> <P>&nbsp;</P> <P class="p1"><SPAN class="s1">shravaxxxxx:~ shravaxxxxx$ curl -i panmig-xxxx.xxx.vmware.com<SPAN class="Apple-converted-space">&nbsp; </SPAN>-X TRACE <A href="http://10.166.xxx.xxx" target="_blank">http://10.166.xxx.xxx</A></SPAN></P> <P class="p1"><SPAN class="s1">HTTP/1.1 200 OK</SPAN></P> <P class="p1"><SPAN class="s1"><STRONG>Date</STRONG>: Wed, 06 Apr 2022 09:33:12 GMT</SPAN></P> <P class="p1"><SPAN class="s1"><STRONG>Server</STRONG>: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.6.7</SPAN></P> <P class="p1"><SPAN class="s1"><STRONG>Transfer-Encoding</STRONG>: chunked</SPAN></P> <P class="p1"><SPAN class="s1"><STRONG>Content-Type</STRONG>: message/http</SPAN></P> <P class="p2">&nbsp;</P> <P class="p1"><SPAN class="s1">TRACE / HTTP/1.1</SPAN></P> <P class="p1"><SPAN class="s1">Host: panmig-xxx.xxx.vmware.com</SPAN></P> <P class="p1"><SPAN class="s1">User-Agent: curl/7.77.0</SPAN></P> <P class="p1"><SPAN class="s1">Accept: */*</SPAN></P> <P class="p2">&nbsp;</P> <P class="p1"><SPAN class="s1">HTTP/1.1 200 OK</SPAN></P> <P class="p1"><SPAN class="s1"><STRONG>Date</STRONG>: Wed, 06 Apr 2022 09:33:15 GMT</SPAN></P> <P class="p1"><SPAN class="s1"><STRONG>Server</STRONG>: Apache/2.4.6 (CentOS) OpenSSL/1.0.1e-fips PHP/5.6.7</SPAN></P> <P class="p1"><SPAN class="s1"><STRONG>Transfer-Encoding</STRONG>: chunked</SPAN></P> <P class="p1"><SPAN class="s1"><STRONG>Content-Type</STRONG>: message/http</SPAN></P> <P class="p2">&nbsp;</P> <P class="p1"><SPAN class="s1">TRACE / HTTP/1.1</SPAN></P> <P class="p1"><SPAN class="s1">Host: 10.166.xxx.xxx</SPAN></P> <P class="p1"><SPAN class="s1">User-Agent: curl/7.77.0</SPAN></P> <P class="p1"><SPAN class="s1">Accept: */*</SPAN></P> <P class="p2">&nbsp;</P> <P class="p1"><SPAN class="s1">shravxxxxx-a02:~</SPAN></P> Wed, 06 Apr 2022 10:03:11 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/478606#M3932 ShravanKumar 2022-04-06T10:03:11Z https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/478687#M3933 <P>Hi,</P> <P>&nbsp;</P> <P>Which version of Expedition are you running?</P> <P>The signature that we see from your running command refers to CentOS, but Expedition is offered under Ubuntu.</P> <P>Also, I do not think we expose the tcp/80 on Expedition. When available, it directly redirects to tcp/443.</P> <P>&nbsp;</P> <P>Are you certain you are targeting an Expedition instance?</P> Wed, 06 Apr 2022 16:29:25 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/478687#M3933 dgildelaig 2022-04-06T16:29:25Z https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/478891#M3934 <P>I'm sure I'm targetting expedition tool IP.&nbsp;</P> <P>We have deployed this tool on a Centos VM in our environment... do you think this Vulnerability is detected for that server? and not the tool?</P> Thu, 07 Apr 2022 08:17:22 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/478891#M3934 ShravanKumar 2022-04-07T08:17:22Z https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/479576#M3939 <P>I'm sure I'm targetting expedition tool IP.&nbsp;</P> <P>We have deployed this tool on a Centos VM in our environment... do you think this Vulnerability is detected for that server? and not the tool?</P> Mon, 11 Apr 2022 06:39:18 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/479576#M3939 ShravanKumar 2022-04-11T06:39:18Z https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/479695#M3940 <P>Could be, then please follow the suggested remediation method for centos&nbsp;</P> Mon, 11 Apr 2022 17:18:05 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/479695#M3940 lychiang 2022-04-11T17:18:05Z https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/480175#M3946 <P>May I know what is the root password of Expedition tool? and how to check the current version and what is the procedure to upgrade to next version?</P> Wed, 13 Apr 2022 13:46:14 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/480175#M3946 ShravanKumar 2022-04-13T13:46:14Z https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/480195#M3947 <P>by default is "paloalto" but you could give&nbsp; specific root password during ubuntu installation,&nbsp; You can login to the expedition GUI and check the version in the dashboard, in the ubuntu CLI, you issue below commands to upgrade the tool to the latest version:</P> <P>&nbsp;</P> <P>sudo apt-get update</P> <P>sudo apt-get install expedition-beta&nbsp;</P> Wed, 13 Apr 2022 16:48:28 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/vulnerability-name-11213-http-trace-track-methods-allowed/m-p/480195#M3947 lychiang 2022-04-13T16:48:28Z