Insecure "OPTIONS" HTTP Method Enabled
search cancel

Insecure "OPTIONS" HTTP Method Enabled

book

Article ID: 260169

calendar_today

Updated On:

Products

CA Process Automation Base

Issue/Introduction

Running PAM 04.3.05 CP06

Main issue:
Insecure "OPTIONS" HTTP Method Enabled

Proposed Solution:
Disable WebDAV, or disallow unneeded HTTP method

Port:  443
CWE:  1032

 

Environment

Release : 4.3
CA Process Automation

Resolution

Modify web.xml at <Install_Dir>\server\c2o\ext-deploy\c2oear-snapshot.ear\web-snapshot.war\WEB-INF

options method can be removed param-value for param-name cors.allowed.methods in web.xml

Powered by Wolken Software