[jboss-jira] [JBoss JIRA] (WFLY-4610) Disable HTTP TRACE method by default on https
Stuart Douglas (JIRA)
issues at jboss.org
Thu Nov 5 01:29:00 EST 2015
[ https://issues.jboss.org/browse/WFLY-4610?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Stuart Douglas resolved WFLY-4610.
----------------------------------
Resolution: Out of Date
This has been fixed upstream for a while. The disallowed-methods attribute on a connector defaults to TRACE
> Disable HTTP TRACE method by default on https
> ---------------------------------------------
>
> Key: WFLY-4610
> URL: https://issues.jboss.org/browse/WFLY-4610
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Reporter: Dan Hooper
> Assignee: Stuart Douglas
>
> A vulnerability scan tool found that the HTTP TRACE method is enabled on our wildfly server. I could not find any information about disabling TRACE on wildfly. Previous versions of JBOSS had disabled TRACE by default.
> The problem seems to only exist when using HTTPS.
> I have linked to a stack overflow post about this topic.
> http://stackoverflow.com/questions/28568730/how-to-disable-trace-track-http-in-jboss-wildfly
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the jboss-jira
mailing list