Might be https://www.rapid7.com/db/vulnerabilities/http-options-method-enabled
"Web servers that respond to the OPTIONS HTTP method expose what other methods are supported by the web server, allowing attackers to narrow and intensify their efforts." Which feels like a bit of a stretch, it's only a problem if it enables other attacks and given the the number of HTTP methods it won't slow down any attacker. It's a bit like saying "a login form exposes where to input user password for a brute-force attack" ;) On Friday, 30 October 2020 at 09:01:42 UTC [email protected] wrote: > it gave a cvss score of 2.6 low and highlight that > http-options-method-enabled. > > i could possibly have this waived off, but need to know if it is required > or is there anyway I can disable it if it is not critical to be used. > On Friday, October 30, 2020 at 4:12:41 PM UTC+8 [email protected] wrote: > >> What exactly does your security scanner say about OPTIONS on prometheus? >> It sounds like a false positive. >> > -- You received this message because you are subscribed to the Google Groups "Prometheus Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/prometheus-users/6a8c40cb-1225-4b71-a523-74b30095ea36n%40googlegroups.com.
