Leo Donahue - PLANDEVX wrote:
> ...
> Yes. I wasn't implementing doPUT or doDELETE and was scratching my head trying
> to figure out how the security scan was able to indicate those methods were
> available.
Then it very much looks right now as if it is the scanner which is faulty.
Being mainly a Perl guy, I know this tool which would tell you how
Tomcat reacts: lwp-request
It is a Perl command-line tool which allows you to create and send an HTTP
request to a server, and see the returned answer in detail.
lwp-request --help will tell you all about it.
e.g.
# lwp-request -m PUT -Sed http://localhost:8180/some-url
Please enter content (text/plain) to be PUTed:
abcdef
^D
PUT http://localhost:8180/some-url --> 403 Forbidden
Connection: close
Date: Fri, 14 May 2010 15:24:55 GMT
Server: Apache-Coyote/1.1
Content-Length: 958
Content-Type: text/html;charset=utf-8
Client-Date: Fri, 14 May 2010 15:24:55 GMT
Client-Peer: 127.0.0.1:8180
Client-Response-Num: 1
Title: Apache Tomcat/5.0 - Error report
So, it does respond 403.
Mark was right. How does he know these things?
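
The same check as the lwp-request run above, repeated for several HTTP methods, as an added example that is not part of the original message. The stub server, its loopback port and the rule that only a 2xx answer counts as "accepted" are constructed assumptions so that the script runs offline; call probe_methods against your own Tomcat host and port to compare with what a scanner reports.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
METHODS = ["GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"]

def probe_methods(host, port, path="/", methods=METHODS, timeout=5):
    """Send one request per method and return {method: (status, reason)}."""
    results = {}
    for method in methods:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        try:
            body = b"abcdef" if method in ("PUT", "POST") else None
            headers = {"Content-Type": "text/plain"} if body else {}
            conn.request(method, path, body=body, headers=headers)
            resp = conn.getresponse()
            resp.read()
            results[method] = (resp.status, resp.reason)
        finally:
            conn.close()
    return results

def accepted(results):
    """Methods answered with a 2xx status (assumed meaning: really served)."""
    return sorted(m for m, (status, _) in results.items() if 200 <= status < 300)

class StubHandler(BaseHTTPRequestHandler):
    """Constructed stand-in server (an assumption): GET/HEAD 200, the rest 403."""
    def _reply(self, status):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))
        self.send_response(status)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def do_GET(self): self._reply(200)
    do_HEAD = do_GET
    def do_PUT(self): self._reply(403)
    do_POST = do_DELETE = do_OPTIONS = do_TRACE = do_PUT
    def log_message(self, *args): pass  # keep the demo quiet

def demo():
    server = HTTPServer(("127.0.0.1", 0), StubHandler)  # port 0: any free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return probe_methods("127.0.0.1", server.server_address[1], "/some-url")
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for method, (status, reason) in demo().items():
        print(f"{method:8} --> {status} {reason}")
```

A method that a scan lists as available but that shows up here with 403 matches the situation in this thread.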