The HTTP TRACE option facilities cross-site trace attacks. Some organizations such as Google consider this to not be an issue, but many pen tests flag it. The solution to the TRACE problems is to use mod_redirect to prevent such requests. However even though the Red Hat httpd package is not vulnerable to the mod_redirect bug there is still a push to remove that module. It would be good if it was possible to turn off the TRACE option without using mod_redirect and in the manner that the ASF has designed for all future versions of Apache.
Thanks for the request. This problem is resolved in the next release of Red Hat Enterprise Linux (v5). Red Hat does not currently plan to provide a resolution for this in a Red Hat Enterprise Linux update for currently deployed systems. With the goal of minimizing risk of change for deployed systems, and in response to customer and partner requirements, Red Hat takes a conservative approach when evaluating changes for inclusion in maintenance updates for currently deployed products. The primary objectives of update releases are to enable new hardware platform support and to resolve critical defects.