Not by default. You could always register a filter that
handled TRACE requests. I might just do that to see what
kind of exploits are being used out there ... log any
TRACE attempts. ;-)
I believe TRACE is an HTTP/1.1 option, which would mean AOLserver is NOT vulnerable since we're still only HTTP/1.0 compliant.
- Nathan