Disable Tomcat HTTP TRACE / TRACK Methods.

book

Article ID: 207060

calendar_today

Updated On:

Products

CA Service Management - Service Desk Manager

Issue/Introduction

Security Vulnerability is reported on remote web server that supports the TRACE and/or TRACK methods.
TRACE and TRACK are HTTP methods that are used to debug web server connections.

Can we disable SDM tomcat TRACK/TRACE methods.

Environment

CA Service Desk Manager, all releases

Resolution

The methods TRACK and TRACE can be disabled directly on the Tomcat web server.  The client is free to update the Tomcat configuration to suit their specific needs.

SDM does not use those methods and thus it will not have any effect on SDM.