RE: tomcat 7.0.22 - allowTrace=false not working

[mailto:knst.koli...@gmail.com] Sent: Sunday, February 24, 2013 1:58 AM To: Tomcat Users List Subject: Re: tomcat 7.0.22 - allowTrace=false not working 2013/2/22 Nick Williams nicho...@nicholaswilliams.net: On Feb 22, 2013, at 7:49 AM, Konstantin Kolinko wrote: One example of false positive

RE: tomcat 7.0.22 - allowTrace=false not working

, 2013 6:25 PM To: Tomcat Users List Subject: Re: tomcat 7.0.22 - allowTrace=false not working -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sachin, On 2/22/13 12:50 AM, Sachin wrote: It does access a JSP page. But even I was expecting to stop TRACE by specifically adding allowTrace=false

Re: tomcat 7.0.22 - allowTrace=false not working

2013/2/22 Nick Williams nicho...@nicholaswilliams.net: On Feb 22, 2013, at 7:49 AM, Konstantin Kolinko wrote: One example of false positive is that if you send an OPTIONS request to almost any servlet, the Allow header in its response by default will include the TRACE method (as implemented

Re: tomcat 7.0.22 - allowTrace=false not working

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sachin, On 2/22/13 12:50 AM, Sachin wrote: It does access a JSP page. But even I was expecting to stop TRACE by specifically adding allowTrace=false. And as I've checked, tomcat 5 is giving me this behavior properly but not 7.0.22. Can you

Re: tomcat 7.0.22 - allowTrace=false not working

. This information was found in the request with id 19. Thanks Regards Sachin -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, February 18, 2013 11:34 PM To: Tomcat Users List Subject: Re: tomcat 7.0.22 - allowTrace=false not working On 18/02/2013 15:00

Re: tomcat 7.0.22 - allowTrace=false not working

7.0.22 - allowTrace=false not working On 18/02/2013 15:00, Sachin wrote: Hi, I want to disable http TRACE method in my application which is running on tomcat 7.0.22 web-server. Though apache tomcat configuration for http says that it is set to false by default, it allows TRACE. I tried

Re: tomcat 7.0.22 - allowTrace=false not working

Hi, Im beginner in Linux. Can anyone help me develop my skills in Linux? Regards Chak Teylor On Fri, Feb 22, 2013 at 8:55 PM, Christopher Schultz ch...@christopherschultz.net wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sachin, On 2/22/13 12:50 AM, Sachin wrote: It does

Re: tomcat 7.0.22 - allowTrace=false not working

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sachin, On 2/18/13 1:19 PM, Sachin wrote: I'm testing it with w3af(http://w3af.sourceforge.net) since that's what our security certifying vendor tests application against. And it logs - The URL http://localhost:8080/app/; has the following

RE: tomcat 7.0.22 - allowTrace=false not working

...@christopherschultz.net] Sent: Friday, February 22, 2013 10:15 AM To: Tomcat Users List Subject: Re: tomcat 7.0.22 - allowTrace=false not working -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Sachin, On 2/18/13 1:19 PM, Sachin wrote: I'm testing it with w3af(http://w3af.sourceforge.net) since

RE: tomcat 7.0.22 - allowTrace=false not working

. Thanks Regards Sachin -Original Message- From: Sachin [mailto:sac...@nitman.co.in] Sent: Tuesday, February 19, 2013 8:14 AM To: 'Tomcat Users List' Subject: RE: tomcat 7.0.22 - allowTrace=false not working Thanks Mark n Nick. As far as I see from w3af documentation, they are looking

Re: tomcat 7.0.22 - allowTrace=false not working

On 18/02/2013 15:00, Sachin wrote: Hi, I want to disable http TRACE method in my application which is running on tomcat 7.0.22 web-server. Though apache tomcat configuration for http says that it is set to false by default, it allows TRACE. I tried setting it to false specifically, but still it

RE: tomcat 7.0.22 - allowTrace=false not working

with id 19. Thanks Regards Sachin -Original Message- From: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, February 18, 2013 11:34 PM To: Tomcat Users List Subject: Re: tomcat 7.0.22 - allowTrace=false not working On 18/02/2013 15:00, Sachin wrote: Hi, I want to disable http TRACE

Re: tomcat 7.0.22 - allowTrace=false not working

: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, February 18, 2013 11:34 PM To: Tomcat Users List Subject: Re: tomcat 7.0.22 - allowTrace=false not working On 18/02/2013 15:00, Sachin wrote: Hi, I want to disable http TRACE method in my application which is running on tomcat 7.0.22 web-server

Re: tomcat 7.0.22 - allowTrace=false not working

: Mark Thomas [mailto:ma...@apache.org] Sent: Monday, February 18, 2013 11:34 PM To: Tomcat Users List Subject: Re: tomcat 7.0.22 - allowTrace=false not working On 18/02/2013 15:00, Sachin wrote: Hi, I want to disable http TRACE method in my application which is running on tomcat 7.0.22 web

Re: tomcat 7.0.22 - allowTrace=false not working

On 18/02/2013 19:03, Nick Williams wrote: On Feb 18, 2013, at 12:55 PM, Mark Thomas wrote: On 18/02/2013 18:19, Sachin wrote: I'm testing it with w3af(http://w3af.sourceforge.net) since that's what our security certifying vendor tests application against. And it logs - The URL

Re: tomcat 7.0.22 - allowTrace=false not working

On Feb 18, 2013, at 1:11 PM, Mark Thomas wrote: On 18/02/2013 19:03, Nick Williams wrote: On Feb 18, 2013, at 12:55 PM, Mark Thomas wrote: On 18/02/2013 18:19, Sachin wrote: I'm testing it with w3af(http://w3af.sourceforge.net) since that's what our security certifying vendor tests

RE: tomcat 7.0.22 - allowTrace=false not working

-Original Message- From: Nick Williams [mailto:nicho...@nicholaswilliams.net] Sent: Tuesday, February 19, 2013 12:47 AM To: Tomcat Users List Subject: Re: tomcat 7.0.22 - allowTrace=false not working On Feb 18, 2013, at 1:11 PM, Mark Thomas wrote: On 18/02/2013 19:03, Nick Williams wrote