Sun Microsystems, Inc. Information for VU#867593

Web servers enable HTTP TRACE method by default

Status

Affected

Vendor Statement

The iPlanet Web Server 4.1 and Sun ONE Web Server 6.0 both have HTTP TRACE enabled by default. For details of how to disable HTTP TRACE support, see the following Sun Alert:


http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1
http://blogs.sun.com/meena/entry/disabling_trace_in_sun_java

Vendor References

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200171-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1
http://blogs.sun.com/meena/entry/disabling_trace_in_sun_java

Addendum

If you have feedback, comments, or additional information about this vulnerability, please send us email.