[jboss-jira] [JBoss JIRA] (WFLY-4610) Disable HTTP TRACE method by default on https
Junier Lee (JIRA)
issues at jboss.org
Fri Sep 22 05:34:01 EDT 2017
[ https://issues.jboss.org/browse/WFLY-4610?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13467254#comment-13467254 ]
Junier Lee commented on WFLY-4610:
----------------------------------
HI Support
What if i can't update at this moment. Do you have any workaround to resolve that? It might take months and months, if there is alternative i will resolve this first and follow up on next upgrade of wildfly
can you comment please
> Disable HTTP TRACE method by default on https
> ---------------------------------------------
>
> Key: WFLY-4610
> URL: https://issues.jboss.org/browse/WFLY-4610
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Reporter: Dan Hooper
> Assignee: Stuart Douglas
>
> A vulnerability scan tool found that the HTTP TRACE method is enabled on our wildfly server. I could not find any information about disabling TRACE on wildfly. Previous versions of JBOSS had disabled TRACE by default.
> The problem seems to only exist when using HTTPS.
> I have linked to a stack overflow post about this topic.
> http://stackoverflow.com/questions/28568730/how-to-disable-trace-track-http-in-jboss-wildfly
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list