I'm running JBoss 3.2.1 with Jetty 4. The other day I scanned the server with a 3rd party product to check for vulnerabilities. The software showed the HttpTrace service enabled and listed this as vulnerability. I don't believe it would be possible to grab any useful information from our application but does anybody know how to configure JBoss or Jetty to disable the HttpTrace service.

Thank you
Chris.