Symptom
It can be seen that some HTTP methods which are considered insecure (for example TRACE, OPTIONS, etc.) are enabled. This can be checked with an HTTP trace tool (HttpWatch for example).
Read more...
Environment
- SAP NetWeaver Application Server Java
- Operating System independent
- Database independent
Product
SAP NetWeaver Application Server for Java 7.1 ; SAP NetWeaver Application Server for Java 7.2 ; SAP enhancement package 1 for SAP NetWeaver Application Server for Java 7.1
Keywords
security vulnerability, insecure HTTP method, TRACE, OPTIONS, PUT, DELETE, HttpWatch, SAP Web Dispatcher, HTTP server, HTTP request manipulation handler, Web Dispatcher, ICM, icm/HTTP/mod_<xx>, PREFIX, FILE, %{PATH_TRANSLATED} , KBA , kde , BC-CST-IC , Internet Communication Manager , BC-JAS-WEB , Web Container, HTTP, JavaMail, Servlets , How To
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.