On 05/02/2017 17:29, Olivier Jaquemet wrote:
[...]
there is one case where the [allowTrace] configuration does not fully
apply response to OPTIONS request for custom servlet (i.e. any non
tomcat servlet inheriting from HttpServlet).
In such case the TRACE method is incorrectly listed in the All
On 05/02/2017 17:29, Olivier Jaquemet wrote:
[...]
To reproduce:
1. deploy the attached war (containing all sources) in a tomcat instance
listening on port 80 (listening on port 80 is required for proper
validation through nmap https-methods script).
The simple test webapp:
https://www.dropbox.
Hi all,
As you certainly know, OWASP recommends testing HTTP methods of remote
servers using nmap "http-methods" script:
https://www.owasp.org/index.php/Test_HTTP_Methods_(OTG-CONFIG-006)
One of the recommendations is to ensure TRACE method is disabled (
let's just omit the recommendation on PU