Re: Http TRACE method headers in response body

2021-09-09 Thread Christopher Schultz
Mark, On 9/9/21 03:05, Mark Thomas wrote: On 08/09/2021 20:50, Christopher Schultz wrote: Mark, On 9/8/21 11:28, Mark Thomas wrote: On 08/09/2021 16:15, Gilles Robert wrote: My issue is that even though TRACE is disabled, we see the "malicious" header in the response. You need to talk to

Re: Http TRACE method headers in response body

2021-09-09 Thread Mark Thomas
On 08/09/2021 20:50, Christopher Schultz wrote: Mark, On 9/8/21 11:28, Mark Thomas wrote: On 08/09/2021 16:15, Gilles Robert wrote: My issue is that even though TRACE is disabled, we see the "malicious" header in the response. You need to talk to the Spring folks then. Default Tomcat

Re: Http TRACE method headers in response body

2021-09-08 Thread Christopher Schultz
Mark, On 9/8/21 11:28, Mark Thomas wrote: On 08/09/2021 16:15, Gilles Robert wrote: My issue is that even though TRACE is disabled, we see the "malicious" header in the response. You need to talk to the Spring folks then. Default Tomcat behaviour is to return a 405 with an error message in

Re: Http TRACE method headers in response body

2021-09-08 Thread Mark Thomas
On 08/09/2021 16:15, Gilles Robert wrote: My issue is that even though TRACE is disabled, we see the "malicious" header in the response. You need to talk to the Spring folks then. Default Tomcat behaviour is to return a 405 with an error message in the response. I've just double checked

Re: Http TRACE method headers in response body

2021-09-08 Thread Gilles Robert
My issue is that even though TRACE is disabled, we see the "malicious" header in the response. On Wed, 8 Sept 2021 at 17:01, Mark Thomas wrote: > > On 08/09/2021 14:14, Gilles Robert wrote: > > Hi, > > > > Using Spring boot (2.5.4) with Tomcat (9.0.52), the HTTP TRACE method > > is disabled by

Re: Http TRACE method headers in response body

2021-09-08 Thread Mark Thomas
On 08/09/2021 14:14, Gilles Robert wrote: Hi, Using Spring boot (2.5.4) with Tomcat (9.0.52), the HTTP TRACE method is disabled by default and returns a 405 method not allowed, which is what I expect security-wise. My issue is that if one gives a malicious header: header: malicious: