Although I don't know for sure, I'm guessing it's because
TRACE is enabled. Some brain-dead security audits consider
allowing TRACE to be a "security issue" (although it's
not)...
Check out http://httpd.apache.org/docs/2.4/mod/core.html#traceenable
and give your security scanners a whack with a cl
Hi List,
Some days back I came across a very weired problem, and I am not able
to figure out. The security scanners scanned one of our public facing
website and they said that webserver is vulnerable to HTTP methods or
may be webdav is enabled. I looked around the code and couln't find
anything. B
