Can someone show in a step by step way for standalone tomcat: 1. how to show that a DELETE vulnerability exists in tomcat using a telnet session for a sample file, let's say index.html 2. how to block the vulnerability by modifying web.xml 3. what telnet will show once the vulnerability has been blocked
Bill, I've tried your latest suggestions but really have not seen any differences when I try to test them. My vulnerability scanner still shows DELETE and PUT being vulnerable. Thanks
