IBM appscan安全漏洞扫描--启用了不安全的 HTTP 方法
appscan修订建议:
如果服务器不需要支持 WebDAV,请务必禁用它,或禁止不必要的 HTTP 方法(动词)。
<security-constraint> <web-resource-collection> <url-pattern>/*</url-pattern> <http-method>PUT</http-method> <http-method>DELETE</http-method> <http-method>HEAD</http-method> <http-method>OPTIONS</http-method> <http-method>TRACE</http-method> </web-resource-collection> <auth-constraint></auth-constraint> </security-constraint>