SAP Knowledge Base Article - Preview

1902276 - Sec Vulnerability Insecure HTTP Methods enabled


It can be seen that some HTTP methods which are considered insecure (for example TRACE, OPTIONS, etc.) are enabled. This can be checked with an HTTP trace tool (HttpWatch for example).




  • SAP NetWeaver Application Server Java
  • Operating System independent
  • Database independent


SAP NetWeaver Application Server for Java 7.1 ; SAP NetWeaver Application Server for Java 7.2 ; SAP enhancement package 1 for SAP NetWeaver Application Server for Java 7.1


security vulnerability, insecure HTTP method, TRACE, OPTIONS, PUT, DELETE, HttpWatch, SAP Web Dispatcher, HTTP server, HTTP request manipulation handler, Web Dispatcher, ICM, icm/HTTP/mod_<xx>, PREFIX, FILE, %{PATH_TRANSLATED} , KBA , kde , BC-CST-IC , Internet Communication Manager , BC-JAS-WEB , Web Container, HTTP, JavaMail, Servlets , How To

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.