The remote Web server supports the TRACE and/or TRACK HTTP methods, which makes it easier for remote attackers to steal cookies and authentication credentials or bypass the HttpOnly protection mechanism. Track / Trace are required to be disabled to be PCI compliance.
If this vulnerability is successfully exploited, attackers can potentially steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism.
How do I disable HTTP trace method on my Dynatrace server port 8040, 8041, 8042, 8043?
Thank you for your time.
App Mon SSL Certificate 2 Answers