Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
qpid-java-broker-8.0.5
-
None
-
Patch
Description
Many security scanning tools flag HTTP ports that respond to the OPTIONS command.
Broker-J already blocks the TRACE command, it should also block the OPTIONS command.
There are various ways of configuring Jetty to do this, but I have attached a patch that mirrors the filter that blocks TRACE.