The OPTIONS method returns a list of the methods that the web server supports; it is a request for information about the communication options available on the request/response chain identified by the Request-URI. Enabling the TRACE method usually leads to disclosure of sensitive information. This vulnerability affects the web server.
Release: UIM 20.4.x / 23.4
Component: Operator Console
Do the following to disable the OPTIONS method in the SAML web app (samlsso):
1. Go to IM/AC and disable the OC robot's wasp probe.
2. Go to the OC robot's installation location, take a backup of the file web.xml, and then open it from the path <Nimsoft_Directory>\probes\service\wasp\webapps\samlsso\WEB-INF
3. Find the tag </web-app>, paste the configuration below just above that tag, and save the file.
4. Activate the wasp probe.
<security-constraint>
    <web-resource-collection>
        <web-resource-name>restricted methods</web-resource-name>
        <url-pattern>/*</url-pattern>
        <http-method>OPTIONS</http-method>
    </web-resource-collection>
    <auth-constraint />
</security-constraint>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>un restricted methods</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
        <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
</security-constraint>
Note: This fix will be part of the DX UIM 20.4 CU10 / 23.4 CU1 release.
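
One way to confirm that an edited web.xml really contains the deny-all constraint for OPTIONS before the wasp probe is reactivated, as an added example (not Broadcom's or the probe's own code). The function name denied_methods, the sample web.xml text and its namespace are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def _kids(elem, name):
    """Children of elem called `name`, ignoring any '{namespace}' prefix on the tag."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]

def denied_methods(web_xml_text, url_pattern="/*"):
    """Return the HTTP methods a deny-all constraint blocks for url_pattern."""
    denied = set()
    for sc in _kids(ET.fromstring(web_xml_text), "security-constraint"):
        auth = _kids(sc, "auth-constraint")
        # Deny-all means <auth-constraint> is present and names no role.
        if not auth or _kids(auth[0], "role-name"):
            continue
        for wrc in _kids(sc, "web-resource-collection"):
            patterns = [(p.text or "").strip() for p in _kids(wrc, "url-pattern")]
            if url_pattern not in patterns or _kids(wrc, "http-method-omission"):
                continue  # other pattern, or omission lists (not evaluated here)
            methods = {(m.text or "").strip().upper() for m in _kids(wrc, "http-method")}
            denied |= methods or {"*"}  # no <http-method> listed: every method
    return denied

# Constructed sample files; the namespace and display-name are assumptions.
HEAD = '<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">\n' \
       '  <display-name>sample</display-name>\n'
FIX = """
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>restricted methods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>OPTIONS</http-method>
    </web-resource-collection>
    <auth-constraint />
  </security-constraint>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>un restricted methods</web-resource-name>
      <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <user-data-constraint>
      <transport-guarantee>NONE</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
"""
BEFORE = HEAD + "</web-app>"
AFTER = HEAD + FIX + "</web-app>"

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, sorted(denied_methods(text)))
```

To check the real file, pass the contents of web.xml from the samlsso WEB-INF directory to denied_methods and confirm that OPTIONS is in the result.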