Vulnerability Scan found the following on SiteMinder Access Gateway R12.8SP4.
3 HTTP TRACE / TRACK Methods Enabled port 443/tcp
QID: 12680 CVSS Base: 5.8
Category: CGI CVSS Temporal: 5.2
CVE ID: CVE-2004-2320, CVE-2010-0386, CVE-2003-1567
Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability port 443/tcp
QID: 86473 CVSS Base: 5.8
Category: Web server CVSS Temporal: 5
CVE ID: CVE-2004-2320, CVE-2007-3008
This is obviously because TRACE method was enabled/allowed on the Access Gateway.
When you install Access Gateway, you will be asked if you want to turn off the TRACE method.
In case if you decided not to turn off the TRACE method then this is an expected behavior.
Release : 12.8.04
Component : SITEMINDER SECURE PROXY SERVER
You can turn off the TRACE method manually by following the steps below.
Step1: Set "TraceEnable off" in your httpd.conf file.
Step2: Ensure there is no "LoadModule proxy_module modules/mod_proxy.so" in the httpd.conf file.
Then when you send TRACE method request you will get HTTP 405 response.