On Wed, Mar 18, 2020 at 12:31 AM James H. H. Lampert <jam...@touchtonecorp.com> wrote:

> On 3/17/20 3:18 PM, Martynas Jusevičius wrote:
> > why should DELETE or OPTIONS not be enabled? They are standard HTTP
> > methods.
>
> True, but (quoting the audit report)
>
> > . . . [DELETE] may allow a remote attacker to delete arbitrary files . . . .
>
> and (again quoting the report)
>
> > Web servers that respond to the OPTIONS HTTP method expose what other
> > methods are supported by the web server, allowing attackers to narrow
> > and intensify their efforts.

Reading the quoted text, I'd suggest you throw this tool in the bin. I hope you didn't pay for it.

Martin

> --
> JHHL