web服务器启用了不安全的HTTP方法(转)

web服务器启用了不安全的HTTP方法_波波仔86的博客-CSDN博客_配置错误的web服务器允许远程客户端执行危险的http方法,如put和delete。

<security-constraint>
<web-resource-collection>
<web-resource-name>fortune</web-resource-name>
<url-pattern>/*</url-pattern>
<http-method>PUT</http-method>
<http-method>DELETE</http-method>
<http-method>HEAD</http-method>
<http-method>OPTIONS</http-method>
<http-method>TRACE</http-method>
</web-resource-collection>
<auth-constraint></auth-constraint>
</security-constraint>
<login-config>
<auth-method>BASIC</auth-method>
</login-config>