TRACE/TRACK vulnerability

Anonymous

How do you secure this vulnerability?

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@glassfish.dev.java.net
For additional commands, e-mail: users-help@glassfish.dev.java.net

Lund, Holly

I assumed track would be the same so
I added this under http-service

I am getting this in server log

[#|2008-05-27T08:35:30.387-0400|WARNING|sun-appserver9.1|javax.enterprise.system.container.web|_ThreadID=10;_ThreadName=main;putEnabled;_RequestID=64caaa43-6729-4ecc-8573-7ad257ee597a;|WEB0304: Unsupported http-service property (putEnabled) is being ignored|#]

[#|2008-05-27T08:35:30.387-0400|WARNING|sun-appserver9.1|javax.enterprise.system.container.web|_ThreadID=10;_ThreadName=main;deleteEnabled;_RequestID=64caaa43-6729-4ecc-8573-7ad257ee597a;|WEB0304: Unsupported http-service property (deleteEnabled) is being ignored|#]

[#|2008-05-27T08:35:30.391-0400|WARNING|sun-appserver9.1|javax.enterprise.system.container.web|_ThreadID=10;_ThreadName=main;trackEnabled;_RequestID=64caaa43-6729-4ecc-8573-7ad257ee597a;|WEB0304: Unsupported http-service property (trackEnabled) is being ignored|#]

Can I disable track also?

Holly Lund
301-903-1174
202-586-4431

-----Original Message-----
From: Jeanfrancois.Arcand@Sun.COM [mailto:Jeanfrancois.Arcand@Sun.COM]
Sent: Tuesday, March 25, 2008 12:25 PM
To: users@glassfish.dev.java.net
Subject: Re: TRACE/TRACK vulnerability

Hi,

Lund, Holly wrote:
> How do you secure this vulnerability?

do you want to disable trace? If yes, just add, in domain.xml under


....

Thanks

-- Jeanfrancois

Jan.Luehe@Sun.COM

Lund, Holly wrote:

>
>I assumed track would be the same so
>I added this under http-service
>
>
>
>
>
>
>
>
>I am getting this in server log
>
>[#|2008-05-27T08:35:30.387-0400|WARNING|sun-appserver9.1|javax.enterprise.system.container.web|_ThreadID=10;_ThreadName=main;putEnabled;_RequestID=64caaa43-6729-4ecc-8573-7ad257ee597a;|WEB0304: Unsupported http-service property (putEnabled) is being ignored|#]
>
>[#|2008-05-27T08:35:30.387-0400|WARNING|sun-appserver9.1|javax.enterprise.system.container.web|_ThreadID=10;_ThreadName=main;deleteEnabled;_RequestID=64caaa43-6729-4ecc-8573-7ad257ee597a;|WEB0304: Unsupported http-service property (deleteEnabled) is being ignored|#]
>
>[#|2008-05-27T08:35:30.391-0400|WARNING|sun-appserver9.1|javax.enterprise.system.container.web|_ThreadID=10;_ThreadName=main;trackEnabled;_RequestID=64caaa43-6729-4ecc-8573-7ad257ee597a;|WEB0304: Unsupported http-service property (trackEnabled) is being ignored|#]
>
>Can I disable track also?
>
>

GlassFish does not support TRACK (I thought TRACK was specific
to IIS?).

Also, you may disable only TRACE via an http-service property,
but none of the other HTTP methods.

Jan

>
>Holly Lund
>301-903-1174
>202-586-4431
>
>-----Original Message-----
>From: Jeanfrancois.Arcand@Sun.COM [mailto:Jeanfrancois.Arcand@Sun.COM]
>Sent: Tuesday, March 25, 2008 12:25 PM
>To: users@glassfish.dev.java.net
>Subject: Re: TRACE/TRACK vulnerability
>
>Hi,
>
>Lund, Holly wrote:
>
>
>>How do you secure this vulnerability?
>>
>>
>
>do you want to disable trace? If yes, just add, in domain.xml under
>
>
>....
>

>
>Thanks
>
>-- Jeanfrancois
>
>
>

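An added example, not part of the original thread and not GlassFish code: the WEB0304 warnings quoted above mean an unsupported http-service property is ignored rather than applied, so a hardening change can silently have no effect. This Python script parses records in the log format shown in the thread and lists the property names the server reported ignoring; the function names and the sample log are constructed for illustration.

```python
import re

# One GlassFish log record: [#|timestamp|level|product|logger|key=value;...|message|#]
RECORD = re.compile(r"\[#\|(.*?)\|#\]", re.DOTALL)
# Message text of the WEB0304 warning quoted in the thread.
IGNORED = re.compile(
    r"WEB0304: Unsupported http-service property \((\w+)\) is being ignored"
)


def parse_records(text):
    """Yield one dict per record; a record may span several lines."""
    for match in RECORD.finditer(text):
        fields = match.group(1).split("|", 5)
        if len(fields) != 6:
            continue  # malformed or truncated record
        timestamp, level, product, logger, pairs, message = fields
        yield {
            "timestamp": timestamp,
            "level": level,
            "product": product,
            "logger": logger,
            "message": " ".join(message.split()),  # collapse wrapped whitespace
        }


def ignored_properties(text):
    """Return the property names the server reported ignoring, in log order."""
    names = []
    for record in parse_records(text):
        hit = IGNORED.search(record["message"])
        if hit and hit.group(1) not in names:
            names.append(hit.group(1))
    return names


# Constructed sample modelled on the warnings quoted in the thread.
SAMPLE_LOG = """\
[#|2008-05-27T08:35:30.387-0400|WARNING|sun-appserver9.1|javax.enterprise.system.container.web|_ThreadID=10;_ThreadName=main;putEnabled;|WEB0304: Unsupported http-service property (putEnabled) is being ignored|#]
[#|2008-05-27T08:35:30.391-0400|WARNING|sun-appserver9.1|javax.enterprise.system.container.web|_ThreadID=10;_ThreadName=main;trackEnabled;|WEB0304: Unsupported
http-service property (trackEnabled) is being ignored|#]
[#|2008-05-27T08:35:31.002-0400|INFO|sun-appserver9.1|javax.enterprise.system.core|_ThreadID=10;_ThreadName=main;|Constructed informational record|#]
"""

if __name__ == "__main__":
    for name in ignored_properties(SAMPLE_LOG):
        print("ignored, no effect on the server:", name)
```

Any name this reports is a setting that was written to the configuration but never enforced, so the corresponding HTTP method has to be restricted some other way.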
Jeanfrancois Arcand

Hi,

Lund, Holly wrote:
> How do you secure this vulnerability?

do you want to disable trace? If yes, just add, in domain.xml under


....

Thanks

-- Jeanfrancois


Lund, Holly

thanks

Holly Lund
301-903-1174
202-586-4431

-----Original Message-----
From: Jeanfrancois.Arcand@Sun.COM [mailto:Jeanfrancois.Arcand@Sun.COM]
Sent: Tuesday, March 25, 2008 12:25 PM
To: users@glassfish.dev.java.net
Subject: Re: TRACE/TRACK vulnerability

Hi,

Lund, Holly wrote:
> How do you secure this vulnerability?

do you want to disable trace? If yes, just add, in domain.xml under


....

Thanks

-- Jeanfrancois
