Our Brands

{"support":{"yesButton":"Yes","noButton":"No","feedback":{"title":"What can we do to improve?"},"submitButton":"Submit","successMessage":"Thank you for your feedback","title":"Was this helpful?","feedbackPercentLabel":"of people found this helpful","captcha":{"error":"Please check the box"}}}

Search FAQs

{"searchBar":{"inputPlaceholder":"Search by keyword or ask a question","searchBtn":"Search","error":"Please enter a keyword to search"}}

Is PowerChute Network Shutdown vulnerable to Cross Site Tracing (XST)?

Is PowerChute Network Shutdown vulnerable to Cross Site Tracing (XST)?

PowerChute Network Shutdown

All support OS

Jetty web server


The PCNS application is hosted on a Jetty Web Server. By default Jetty appears to have the HTTP TRACE method enabled.

In earlier versions of PowerChute (prior to 4.0), in response to an HTTP OPTIONS request the Jetty Web Server lists TRACE as an available option. However the TRACE method is blocked by the PCNS application.

HTTP/1.1 405 Method Not Allowed is sent in response to any TRACE request. Therefore PCNS is not vulnerable to CrossSite Tracing.

Cross site tracing (XST) is a vulnerability exploiting the HTTP TRACE method.
Further information can be found here:


Can't find what you are looking for?

Reach out to our Customer Care team to receive information on technical support, assistance for complaints and more.