[jboss-jira] [JBoss JIRA] (WFLY-4610) Disable HTTP TRACE method by default on https
Darran Lofthouse (JIRA)
issues at jboss.org
Fri Sep 22 05:53:00 EDT 2017
[ https://issues.jboss.org/browse/WFLY-4610?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13467270#comment-13467270 ]
Darran Lofthouse commented on WFLY-4610:
----------------------------------------
FYI this is not a support portal, this is the issue tracking tool to track bug reports and feature requests against our projects.
To receive official support you would require a JBoss EAP subscription which will also give you access to raise support cases through the customer portal provided you use EAP: -
https://developers.redhat.com/products/eap/overview/
Alternatively we provide forums that can be used for the community to discuss issues they are experiencing and assist each other.
http://wildfly.org/gethelp/
> Disable HTTP TRACE method by default on https
> ---------------------------------------------
>
> Key: WFLY-4610
> URL: https://issues.jboss.org/browse/WFLY-4610
> Project: WildFly
> Issue Type: Bug
> Components: Web (Undertow)
> Reporter: Dan Hooper
> Assignee: Stuart Douglas
>
> A vulnerability scan tool found that the HTTP TRACE method is enabled on our wildfly server. I could not find any information about disabling TRACE on wildfly. Previous versions of JBOSS had disabled TRACE by default.
> The problem seems to only exist when using HTTPS.
> I have linked to a stack overflow post about this topic.
> http://stackoverflow.com/questions/28568730/how-to-disable-trace-track-http-in-jboss-wildfly
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list