search cancel

Disable track /trace method for Eclipse Adoptium


Article ID: 252835


Updated On:


CA Automic Workload Automation - Automation Engine CA Automic One Automation


Vulnerability scans are showing that there is a HTTP trace method is currently allowed for the AWI when using the Jetty launcher. This is throwing up alerts for the vulnerability scans (see below). Please advise how we can disable the HTTP TRACE / TRACK methods in the JDK?

Please note: The AWI was installed using the Bundled Eclipse Jetty Launcher.

Host      Protocol              Port       Name

10.x.x.xx            tcp         8080      HTTP TRACE / TRACK Methods Allowed

java.exe                      7328 Services                   0    448,904 K

C:\Program Files\Eclipse Adoptium\jdk-\bin


Release : 21.0.1


Product defect prior to the release of 21.0.4


The use of the TRACE method in the Jetty AWI should return a status 405 (method not allowed) instead of 200, but due to a bug was not returning that in earlier versions of 21.0.  This has been fixed with the Jetty AWI component with release 21.0.4 which is available for download from 

Please note that updating the AWI component also requires an update to the utilities, initialdata, and automationengine components.