SAP Knowledge Base Article - Preview

3080838 - Security issue: servers accepting dangerous HTTP methods OPTIONS, TRACE and/or TRACK

Symptom

In some security penetration testing report, it may mention that the server supports dangerous HTTP methods OPTIONS, TRACE and/or TRACK, and recommend to disable them like:
- Disable the 'TRACE' method on the proxy servers, as well as the origin web/application server.
- Disable the 'OPTIONS' method on the proxy servers, as well as the origin web/application server, if it is not required for other purposes, such as 'CORS' (Cross-Origin Resource Sharing).


Read more...

Product

SAP Commerce Cloud 1811 ; SAP Commerce Cloud 1905 ; SAP Commerce Cloud 2005 ; SAP Commerce Cloud 2011

Keywords

KBA , CEC-COM-CPS-OTH , Other topics , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.