A vulnerability scan reported the following on SiteMinder Access Gateway R12.8SP4.
Vulnerabilities (9)
3 HTTP TRACE / TRACK Methods Enabled port 443/tcp
QID: 12680 CVSS Base: 5.8
Category: CGI CVSS Temporal: 5.2
CVE ID: CVE-2004-2320, CVE-2010-0386, CVE-2003-1567
Vendor Reference:
Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability port 443/tcp
QID: 86473 CVSS Base: 5.8
Category: Web server CVSS Temporal: 5
CVE ID: CVE-2004-2320, CVE-2007-3008
Vendor Reference:
Release : ALL
Component : SITEMINDER SECURE PROXY SERVER / ACCESS GATEWAY
The scanner reports this because the TRACE method is enabled on the Access Gateway.
When you install Access Gateway, you are asked whether you want to turn off the TRACE method.
If you chose not to turn off the TRACE method at that point, this finding is expected behavior.
You can turn off the TRACE method manually by following the steps below. Be sure to back up the existing httpd.conf before modifying it.
Step 1: Set "TraceEnable off" in your httpd.conf file.
Default:
TraceEnable on
TRACE method disabled:
TraceEnable off
Step 2: Ensure there is no active "LoadModule proxy_module modules/mod_proxy.so" line in the httpd.conf file.
If such a line exists, either comment it out (prefix it with #) or delete the line.
Step 3: Restart Access Gateway.
Now, when a user makes a request using the TRACE method, the user receives an HTTP 405 response.
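
To check Steps 1 and 2 before the restart, the following added example (not part of the original article or the product) audits one httpd.conf file. The function names and the sample files are constructed for illustration, and it assumes the directives live in that single file at server level.

```shell
#!/bin/sh
# Added example: checks one httpd.conf for the settings from Steps 1 and 2.
# Assumption: directives are in this one file (Include'd files are not followed).

# Print the last active TraceEnable value; Apache defaults to "on" if absent.
trace_enable_value() {
    awk 'tolower($1) == "traceenable" { v = tolower($2) }
         END { print (v == "" ? "on" : v) }' "$1"
}

# Succeed if an uncommented "LoadModule proxy_module ..." line exists.
proxy_module_loaded() {
    awk 'tolower($1) == "loadmodule" && $2 == "proxy_module" { found = 1 }
         END { exit !found }' "$1"
}

# Return 0 only when TRACE is off and proxy_module is not loaded.
audit_httpd_conf() {
    conf=$1
    rc=0
    if [ "$(trace_enable_value "$conf")" != "off" ]; then
        echo "FAIL: TraceEnable is not off in $conf"
        rc=1
    fi
    if proxy_module_loaded "$conf"; then
        echo "FAIL: proxy_module is loaded in $conf"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $conf"; fi
    return "$rc"
}

# Optional check after Step 3: print the status code of a TRACE request.
# $1 is the base URL of your own Access Gateway; 405 is expected.
trace_status() {
    curl -k -s -o /dev/null -w '%{http_code}' -X TRACE "$1"
}

# Constructed samples: the default state, then the state after Steps 1 and 2.
tmp=$(mktemp -d)
printf 'TraceEnable on\nLoadModule proxy_module modules/mod_proxy.so\n' > "$tmp/before.conf"
printf 'TraceEnable off\n#LoadModule proxy_module modules/mod_proxy.so\n' > "$tmp/after.conf"
audit_httpd_conf "$tmp/before.conf" || true
audit_httpd_conf "$tmp/after.conf"
rm -rf "$tmp"
```

A file with no TraceEnable line at all fails the audit, because Apache treats a missing directive as "on".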