This vulnerability note is against the HTTP TRACE method but mentions the "DOM interface" (with an improper link to the W3C site by the way). [[ Attackers may abuse HTTP TRACE functionality to gain access to information in HTTP headers that is not otherwise available via the DOM interface. ]] http://www.kb.cert.org/vuls/id/867593 The DOM interface does not give the ability to do an HTTP TRACE nor the ability to access information resulting from an HTTP TRACE. The cookie attribute (as defined in DOM Level 2 HTML) is always attached to a Document and therefore cannot result from an HTTP TRACE. In any case, the HTTP TRACE method itself is only returned to the client client application who has already access to those data. PhilippeReceived on Tuesday, 25 February 2003 09:34:01 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 3 May 2007 00:17:15 GMT