We are using JBOSS 4.0.5 version in our project. One of the security vulnerability tools, pointed out a vulnurability saying " Disable the ‘DELETE’ HTTP method" in the application. May anyone help me out how to solve this issue by doing suitable configuration?
The DELETE is handled by each application as it sees fit. In most apps the DELETE is not handled in which case if defaults to the doDelete() method in HttpServlet which returns with a "not supported" error.
Why does the tool you are using think that this is a security issue?