HTTP TRACE TRACK Methods Allowed
This entry from Security Metrics is followed up with the following CVE:
This primary CVE may have relevance to BEA WebLogic Server but does not represent an particular vulnerability to ClearOS. The Apache Foundation has addressed this issue and does not see this as a particular security vulnerability. (See http://www.apacheweek.com/issues/03-01-24#news)
The additional CVEs affects IIS Server running on Microsoft environments and Sun Java Application Server, respectively. This system is not affected by any CVE cited.
Trace is a function and a utility of Apache to troubleshoot webpages. It can be used to discover why pages are not working and potentially could be used to fix issues. As explained in the news from the Apache Foundation, the same information exposed in the attack for which this CVE is crafted can be garnered in other more typical ways. Thus, the CVE is a pretty weak representation of a real problem.
Tracing can be a valuable tool for discovering issues with a malformed webpage. If you don't use this tool and just as soon disable the functionality you can turn it off in ClearOS. If you want to disable tracing, enter this line near the top of your /etc/httpd/conf/httpd.conf file:
Afterwards, restart the Apache service:
service httpd restart