Vulnerability scan reports that Tomcat supports "dangerous" http methods for DLP Enforce


Article ID: 257107


Products

Data Loss Prevention Enforce

Issue/Introduction

A vulnerability scan of the Enforce server reports that Tomcat supports "dangerous" HTTP methods.

Resolution

This is a FALSE POSITIVE. As per RFC 7231, Tomcat is required to include in the "Allow:" header the names of the methods for which it does not respond with a 405/Method Not Allowed response. The presence of a method in that header does not mean the method is enabled. DLP explicitly disables dangerous methods.
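One way to confirm this on your own server is to compare what the "Allow:" header advertises with how each flagged method is actually answered. The following is an added example, not code from the article or from the product: the method list, the status codes treated as a refusal, the `/scan-probe` path and the local stub server are all constructed assumptions, and a TLS listener would need `http.client.HTTPSConnection` instead.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

RISKY = ("PUT", "DELETE", "TRACE")  # assumption: the methods the scanner flagged
REFUSED = (403, 405, 501)           # assumption: statuses that show a rejection

def send(host, port, method, path):
    """Send one bodiless request; return (status, Allow header value)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, path)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Allow", "")
    finally:
        conn.close()

def audit_methods(host, port, path="/scan-probe"):
    """Compare what Allow advertises with how the server answers each method."""
    _, allow = send(host, port, "OPTIONS", path)
    advertised = {m.strip().upper() for m in allow.split(",") if m.strip()}
    report = {}
    for method in RISKY:
        status, _ = send(host, port, method, path)
        verdict = "refused" if status in REFUSED else "accepted" if status < 400 else "review"
        report[method] = {"advertised": method in advertised, "status": status, "verdict": verdict}
    return report

class StubHandler(BaseHTTPRequestHandler):
    """Constructed stand-in: lists PUT/DELETE in Allow, yet refuses them."""
    def _reply(self, code, allow=""):
        self.send_response(code)
        if allow:
            self.send_header("Allow", allow)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_OPTIONS(self): self._reply(200, "GET, HEAD, POST, PUT, DELETE, OPTIONS")
    def do_PUT(self): self._reply(403)
    do_DELETE = do_PUT
    def do_TRACE(self): self._reply(405)
    def log_message(self, *args): pass  # keep the demo output quiet

def demo():
    """Run the audit against the constructed stub on a loopback port."""
    server = HTTPServer(("127.0.0.1", 0), StubHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return audit_methods("127.0.0.1", server.server_port)
    finally:
        server.shutdown(); server.server_close()
```

A method reported as `advertised: True` with verdict `refused` matches the false positive described above; only an `accepted` verdict would indicate the method is really enabled. Point the probe at a non-production path, since an enabled PUT or DELETE would act on it.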