WebSphere Application Server & Liberty

WebSphere Application Server & Liberty

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  regarding IHS

    Posted Thu March 13, 2014 12:10 PM
    HI everyone,

    i got this vulnerability when i scanned the IHS
    Vulnerability finding appeared in last successful scan attempt.

    Finding Text: Web Server Cross-Site-Tracing Vulnerability
     
    Please guide me how to resolve this......
    its VVIMP


  • 2.  regarding IHS

    Posted Thu March 13, 2014 01:09 PM
    Hi Masood,

      You don't especified your IHS version.
     
      Based on the next link
        
        Disabling the HTTP TRACE method
        publib.boulder.ibm.com/httpserv/ihsdiag/...
        
      From v7 you only need to edit your http.conf configuration file of the IHS, put
     
      TraceEnable off

      and restart the server.
     
      publib.boulder.ibm.com/httpserv/manual70...
     
      If you are not in v7 the you need to use mod_rewrite and put

      RewriteEngine On
      RewriteCond %{REQUEST_METHOD} ^TRACE
      RewriteRule .* - [F]

      Hope this helps. Tell us if you need more support.
     
    regards


Related Content