[QPID-8552] [Broker-J] Http management interface should ignore OPTIONS command - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: qpid-java-broker-8.0.5
Fix Version/s: qpid-java-broker-8.0.6
Component/s: Broker-J
Labels:
None

Flags:

Patch

Description

Many security scanning tools flag HTTP ports that respond to the OPTIONS command.

Broker-J already blocks the TRACE command, it should also block the OPTIONS command.

There are various ways of configuring Jetty to do this, but I have attached a patch that mirrors the filter that blocks TRACE.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

forbid-options.patch
15/Jul/21 14:40
5 kB
Tom Jordahl

Activity

People

Assignee:: Alex Rudyy

Reporter:: Tom Jordahl

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 15/Jul/21 14:39

Updated:: 29/Aug/21 19:04

Resolved:: 25/Jul/21 16:50