3 Replies Latest reply on Oct 25, 2017 11:41 AM by Priyanka Tyagi

    Disable Trace or Track on Wildfly 9.0.2 Final to mitigate Vulnerability Issue

    Junier Lee Newbie

      Wildfly version 9.0.2 Final

      Facing a VA score of medium level


      This is the VA that I got hit by on this version
      https://www.tenable.com/plugins/index.php?view=single&id=11213

      [standalone@localhost:9990 /] /subsystem=undertow/server=default-server/http-listener=default:read-resource
      {
          "outcome" => "success",
          "result" => {
              "allow-encoded-slash" => false,
              "allow-equals-in-cookie-value" => false,
              "always-set-keep-alive" => true,
              "buffer-pipelined-data" => true,
              "buffer-pool" => "default",
              "certificate-forwarding" => false,
              "decode-url" => true,
              "enable-http2" => false,
              "enabled" => true,
              "max-buffered-request-size" => 16384,
              "max-cookies" => 200,
              "max-header-size" => 1048576,
              "max-headers" => 200,
              "max-parameters" => 1000,
              "max-post-size" => 104857600L,
              "no-request-timeout" => undefined,
              "proxy-address-forwarding" => false,
              "read-timeout" => undefined,
              "receive-buffer" => undefined,
              "record-request-start-time" => false,
              "redirect-socket" => undefined,
              "request-parse-timeout" => undefined,
              "resolve-peer-address" => false,
              "send-buffer" => undefined,
              "socket-binding" => "http",
              "tcp-backlog" => undefined,
              "tcp-keep-alive" => undefined,
              "url-charset" => "UTF-8",
              "worker" => "default",
              "write-timeout" => undefined
          }
      }
      [standalone@localhost:9990 /]

      Above, I do not have any attribute to state disallowed methods for TRACE and TRACK.

      How do I work around it, since this version of mine will be the Final version and I want to have a workaround?

      Can any gurus assist me with how to work around this, since this version does not have that attribute, which is disallow-methods?