RE: tomcat 7.0.22 - allowTrace="false" not working

2013-02-24 Thread Sachin
From: Konstantin Kolinko [mailto:knst.koli...@gmail.com] Sent: Sunday, February 24, 2013 1:58 AM To: Tomcat Users List Subject: Re: tomcat 7.0.22 - allowTrace="false" not working 2013/2/22 Nick Williams : > >> On Feb 22, 2013, at 7:49 AM, Konstantin Kolinko wrote: >>

Re: tomcat 7.0.22 - allowTrace="false" not working

2013-02-23 Thread Konstantin Kolinko
2013/2/22 Nick Williams : > >> On Feb 22, 2013, at 7:49 AM, Konstantin Kolinko wrote: >> >> One example of false positive is that if you send an OPTIONS request >> to almost any servlet, the "Allow" header in its response by default >> will include the TRACE method (as implemented in >> javax.servl

RE: tomcat 7.0.22 - allowTrace="false" not working

2013-02-23 Thread Sachin
bruary 22, 2013 6:25 PM To: Tomcat Users List Subject: Re: tomcat 7.0.22 - allowTrace="false" not working -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sachin, On 2/22/13 12:50 AM, Sachin wrote: > It does access a JSP page. But even I was expecting to stop TRACE by > specifically

Re: tomcat 7.0.22 - allowTrace="false" not working

2013-02-22 Thread Technical Support
Hi, I'm a beginner in Linux. Can anyone help me develop my skills in Linux? Regards Chak Teylor On Fri, Feb 22, 2013 at 8:55 PM, Christopher Schultz < ch...@christopherschultz.net> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA256 > > Sachin, > > On 2/22/13 12:50 AM, Sachin wrote: > > It

Re: tomcat 7.0.22 - allowTrace="false" not working

2013-02-22 Thread Nick Williams
ark Thomas [mailto:ma...@apache.org] >> Sent: Monday, February 18, 2013 11:34 PM >> To: Tomcat Users List >> Subject: Re: tomcat 7.0.22 - allowTrace="false" not working >> >> On 18/02/2013 15:00, Sachin wrote: >>> Hi, >>> >>> I want to di

Re: tomcat 7.0.22 - allowTrace="false" not working

2013-02-22 Thread Konstantin Kolinko
IONS, POST, TRACE. This information was found > in the request with id 19. > > > Thanks & Regards > Sachin > > -Original Message- > From: Mark Thomas [mailto:ma...@apache.org] > Sent: Monday, February 18, 2013 11:34 PM > To: Tomcat Users List > Subject: Re

Re: tomcat 7.0.22 - allowTrace="false" not working

2013-02-22 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sachin, On 2/22/13 12:50 AM, Sachin wrote: > It does access a JSP page. But even I was expecting to stop TRACE > by specifically adding allowTrace="false". And as I've checked, > tomcat 5 is giving me this behavior properly but not 7.0.22. Can you

RE: tomcat 7.0.22 - allowTrace="false" not working

2013-02-21 Thread Sachin
Schultz [mailto:ch...@christopherschultz.net] Sent: Friday, February 22, 2013 10:15 AM To: Tomcat Users List Subject: Re: tomcat 7.0.22 - allowTrace="false" not working -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sachin, On 2/18/13 1:19 PM, Sachin wrote: > I'm testing it

Re: tomcat 7.0.22 - allowTrace="false" not working

2013-02-21 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sachin, On 2/18/13 1:19 PM, Sachin wrote: > I'm testing it with w3af (http://w3af.sourceforge.net) since that's > what our security certifying vendor tests application against. > > And it logs - The URL "http://localhost:8080/app/" has the > follo

RE: tomcat 7.0.22 - allowTrace="false" not working

2013-02-19 Thread Sachin
tly, but not tomcat 7 with this approach. Thanks & Regards Sachin -Original Message- From: Sachin [mailto:sac...@nitman.co.in] Sent: Tuesday, February 19, 2013 8:14 AM To: 'Tomcat Users List' Subject: RE: tomcat 7.0.22 - allowTrace="false" not working Thank

RE: tomcat 7.0.22 - allowTrace="false" not working

2013-02-18 Thread Sachin
ds Sachin -Original Message- From: Nick Williams [mailto:nicho...@nicholaswilliams.net] Sent: Tuesday, February 19, 2013 12:47 AM To: Tomcat Users List Subject: Re: tomcat 7.0.22 - allowTrace="false" not working On Feb 18, 2013, at 1:11 PM, Mark Thomas wrote: > On 18/02/201

Re: tomcat 7.0.22 - allowTrace="false" not working

2013-02-18 Thread Nick Williams
On Feb 18, 2013, at 1:11 PM, Mark Thomas wrote: > On 18/02/2013 19:03, Nick Williams wrote: >> On Feb 18, 2013, at 12:55 PM, Mark Thomas wrote: >> >>> On 18/02/2013 18:19, Sachin wrote: I'm testing it with w3af(http://w3af.sourceforge.net) since that's what our security certifying vend

Re: tomcat 7.0.22 - allowTrace="false" not working

2013-02-18 Thread Mark Thomas
On 18/02/2013 19:03, Nick Williams wrote: On Feb 18, 2013, at 12:55 PM, Mark Thomas wrote: On 18/02/2013 18:19, Sachin wrote: I'm testing it with w3af(http://w3af.sourceforge.net) since that's what our security certifying vendor tests application against. And it logs - The URL "http://localh

Re: tomcat 7.0.22 - allowTrace="false" not working

2013-02-18 Thread Nick Williams
d likewise for the other methods. My $0.02. N > > >> >> >> Thanks & Regards >> Sachin >> >> -Original Message- >> From: Mark Thomas [mailto:ma...@apache.org] >> Sent: Monday, February 18, 2013 11:34 PM >> To: Tomcat Users

Re: tomcat 7.0.22 - allowTrace="false" not working

2013-02-18 Thread Mark Thomas
n -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, February 18, 2013 11:34 PM To: Tomcat Users List Subject: Re: tomcat 7.0.22 - allowTrace="false" not working On 18/02/2013 15:00, Sachin wrote: Hi, I want to disable http TRACE method in my appli

RE: tomcat 7.0.22 - allowTrace="false" not working

2013-02-18 Thread Sachin
in the request with id 19. Thanks & Regards Sachin -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, February 18, 2013 11:34 PM To: Tomcat Users List Subject: Re: tomcat 7.0.22 - allowTrace="false" not working On 18/02/2013 15:00, Sachin wrote

Re: tomcat 7.0.22 - allowTrace="false" not working

2013-02-18 Thread Mark Thomas
On 18/02/2013 15:00, Sachin wrote: Hi, I want to disable http TRACE method in my application which is running on tomcat 7.0.22 web-server. Though apache tomcat configuration for http says that it is set to false by default, it allows TRACE. I tried setting it to false specifically, but still it