tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mark Lenz" <>
Subject TRACE/TRACK methods
Date Thu, 11 Sep 2003 16:37:12 GMT
Our company conducted a security audit and Tomcat was reported as
supporting TRACE and TRACK.  It said, "It has been shown that servers
supporting this method are subject to cross-site-scripting attacks, dubbed
XST for 'Cross-Site-Tracing', when used in conjunction with various
weaknesses in browsers."  I have been assigned the task of turning off this
support, but I have searched Google, tomcat-user archives and the Tomcat
documentation to no avail.  Does anyone know how to disable these methods?

Mark Lenz
Software Engineer
Control Systems Group
Pierce Manufacturing, Inc.
(920) 832-3523

The information contained in this electronic mail message is confidential
information and intended only for the use of the individual or entity named
above, and may be privileged.  If the reader of this message is not the
intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited.  If
you have received this transmission in error, please  contact the sender
immediately, delete this material from your computer and destroy all
related paper media.  Please note that the documents transmitted are not
intended to be binding until a hard copy has been manually signed by all
Thank you.

View raw message