[JBoss JIRA] (WFLY-4610) Disable HTTP TRACE method by default on https

Friday, 22 September 2017

    [
https://issues.jboss.org/browse/WFLY-4610?page=com.atlassian.jira.plugin....
] 

Junier Lee commented on WFLY-4610:
----------------------------------

HI Support

What if i can't update at this moment. Do you have any workaround to resolve that?  It
might take months and months, if there is alternative i will resolve this first and follow
up on next upgrade of wildfly

can you comment please

...
 Disable HTTP TRACE method by default on https
 ---------------------------------------------

                 Key: WFLY-4610
                 URL: https://issues.jboss.org/browse/WFLY-4610
             Project: WildFly
          Issue Type: Bug
          Components: Web (Undertow)
            Reporter: Dan Hooper
            Assignee: Stuart Douglas

 A vulnerability scan tool found that the HTTP TRACE method is enabled on our wildfly
server.  I could not find any information about disabling TRACE on wildfly.  Previous
versions of JBOSS had disabled TRACE by default.
 The problem seems to only exist when using HTTPS.
 I have linked to a stack overflow post about this topic.

http://stackoverflow.com/questions/28568730/how-to-disable-trace-track-ht...

--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006