Re: TRACE/TRACK vulnerability - Jan....@Sun.COM - net.java.dev.glassfish.users

5 messages in net.java.dev.glassfish.usersRe: TRACE/TRACK vulnerability

From	Sent On	Attachments
Lund, Holly	Mar 24, 2008 6:45 am
Jeanfrancois Arcand	Mar 25, 2008 9:24 am
Lund, Holly	Mar 26, 2008 5:43 am
Lund, Holly	May 27, 2008 6:16 am
Jan....@Sun.COM	May 27, 2008 4:38 pm

Subject:	Re: TRACE/TRACK vulnerability
From:	Jan....@Sun.COM (Jan....@Sun.COM)
Date:	May 27, 2008 4:38:21 pm
List:	net.java.dev.glassfish.users

Lund, Holly wrote:

I assumed track would be the same so I added this under htttp-service

I am getting ths is server log

Can I disabel track also?

GlassFish does not support TRACK (I thought TRACK was specific to IIS?).

Also, you may disable only TRACE via an http-service property, but none of the other HTTP methods.

Jan

Holly Lund 301-903-1174 202-586-4431

-----Original Message----- From: Jean...@Sun.COM [mailto:Jean...@Sun.COM] Sent: Tuesday, March 25, 2008 12:25 PM To: use...@glassfish.dev.java.net Subject: Re: TRACE/TRACK vulnerability

Hi,

Lund, Holly wrote:

How do you secure this vulnerability?

do you want to disable trace? If yes, just add, in domain.xml under

<http-service...> .... <property name="traceEnabled" value="false"/> </http-service>

Thanks

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets