[jboss-jira] [JBoss JIRA] (WFLY-4610) Disable HTTP TRACE method by default on https
Brian Stansberry (JIRA)
issues at jboss.org
Wed Nov 4 22:29:00 EST 2015
[ https://issues.jboss.org/browse/WFLY-4610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry updated WFLY-4610:
-----------------------------------
Component/s: Web (Undertow)
> Disable HTTP TRACE method by default on https
> ---------------------------------------------
>
> Key: WFLY-4610
> URL: https://issues.jboss.org/browse/WFLY-4610
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Reporter: Dan Hooper
> Assignee: Jason Greene
>
> A vulnerability scan tool found that the HTTP TRACE method is enabled on our wildfly server. I could not find any information about disabling TRACE on wildfly. Previous versions of JBOSS had disabled TRACE by default.
> The problem seems to only exist when using HTTPS.
> I have linked to a stack overflow post about this topic.
> http://stackoverflow.com/questions/28568730/how-to-disable-trace-track-http-in-jboss-wildfly
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list