You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@tomcat.apache.org by Ted Anagnost <an...@comcast.net> on 2005/03/04 10:56:25 UTC

step by step: demonstrate blocked http-method DELETE request?

Can someone show in a step by step way for standalone tomcat: 

1. how to show that a DELETE vulnerability exists in tomcat using a telnet session for a sample file, let's say index.html
2. how to block the vulnerability by modifying web.xml 
3. what telnet will show once the vulnerability has been blocked

Bill,

I've tried your latest suggestions but really have not seen any differences when I try to test them.  My vulnerability scanner still shows DELETE and PUT being vulnerable.

Thanks