Leo Donahue - PLANDEVX wrote:
...
>
> Yes. I wasn't implementing doPUT or doDELETE and was scratching my head trying to figure
out how the security scan was able to indicate those methods were available.
>
Then it very much looks right now as if it is the scanner which is faulty.
Being mainly a perl guy, I know this tool which would tell you how the
Tomcat reacts : lwp-request
It is a perl command-line tool which allows to create and send a HTTP
request to a server, and see the returned answer in detail.
lwp-request --help will tell you all about it.
e.g.
# lwp-request -m PUT -Sed http://localhost:8180/some-url
Please enter content (text/plain) to be PUTed:
abcdef
^D
PUT http://localhost:8180/some-url --> 403 Forbidden
Connection: close
Date: Fri, 14 May 2010 15:24:55 GMT
Server: Apache-Coyote/1.1
Content-Length: 958
Content-Type: text/html;charset=utf-8
Client-Date: Fri, 14 May 2010 15:24:55 GMT
Client-Peer: 127.0.0.1:8180
Client-Response-Num: 1
Title: Apache Tomcat/5.0 - Error report
So, it does respond 403.
Mark was right. How does he know these things ?
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
|