TL;DR The presence of the TRACE method is generally considered to be at best an informational finding (and in isolation, I wouldn’t disagree with that). But before you deploy your meh, if you know what to look for, the TRACE method (and any other mechanism that reflect requests) can be added to a practical attack chain, and will dramatically increase the impact of an exploit.
Exploiting TRACE
Exploiting TRACE
Exploiting TRACE
TL;DR The presence of the TRACE method is generally considered to be at best an informational finding (and in isolation, I wouldn’t disagree with that). But before you deploy your meh, if you know what to look for, the TRACE method (and any other mechanism that reflect requests) can be added to a practical attack chain, and will dramatically increase the impact of an exploit.