I'm using Tomcat 4.1.24 and the sys admins found a potential security hole by sending an HTTP TRACE. They told me I need to fix it by following the instructions in the following URL:
http://www.kb.cert.org/vuls/id/867593
However, I'm not using the Apache HTTP Server, just Tomcat with its embedded server. Is there any way to disable an HTTP TRACE sent to Tomcat?
Here's the test I need to fail...
telnet xxx.xxx.xxx.xxx 8080
type in "TRACE / HTTP/1.0" and hit return twice... it shows...
HTTP/1.1 200 OK
Content-Type: message/http
Content-Length: 18
Date: Sun, 22 Jun 2003 22:52:24 GMT
Server: Apache Coyote/1.0
Connection: close

TRACE / HTTP/1.0
I need that to fail to get the sys admins off my back.
Any help would be much appreciated!
Thanks!!
Pete
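
The manual telnet test described in the message above, as a repeatable check (an added example, not part of the original post). The function names, the probe header and the set of status codes treated as a refusal are assumptions of this example.

```python
import socket
import sys
import uuid

REFUSED = (403, 405, 501)  # assumed set of "method refused" status codes


def classify_trace_response(raw: bytes, marker: str) -> str:
    """Return 'enabled', 'disabled' or 'inconclusive' for a raw TRACE reply."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        return "inconclusive"
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip().lower()
    # A working TRACE echoes the request back as a message/http body.
    echoed = marker.encode() in body or body.lstrip().startswith(b"TRACE ")
    is_message = headers.get("content-type", "").startswith("message/http")
    if 200 <= status < 300 and (echoed or is_message):
        return "enabled"
    if status in REFUSED:
        return "disabled"
    return "inconclusive"


def probe_trace(host: str, port: int = 8080, timeout: float = 5.0) -> str:
    """Send the same TRACE request as the telnet test and classify the reply."""
    marker = "X-Trace-Probe-" + uuid.uuid4().hex  # unique header to spot the echo
    request = f"TRACE / HTTP/1.0\r\nHost: {host}\r\n{marker}: 1\r\n\r\n".encode()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        chunks = []
        while True:  # HTTP/1.0: the server closes the connection when done
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return classify_trace_response(b"".join(chunks), marker)


if __name__ == "__main__" and len(sys.argv) > 1:
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 8080
    print(sys.argv[1], port, probe_trace(sys.argv[1], port))
```

Run it as `python trace_check.py <host> 8080` (the file name is arbitrary); the test in the message passes once the result is `disabled`.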
