Comment on Disable Apache HTTP TRACE method to improve Apache security by Jim.
On Debian/Lenny there is a file /etc/apache2/conf.d/security that has:
# Allow TRACE method
#
# Set to “extended” to also reflect the request body (only for testing and
# diagnostic purposes).
#
# Set to one of: On | Off | extended
#
#TraceEnable Off
TraceEnable On
You can simple uncomment the option you want.