OPTIONS method is enabled
1 min read, Jan 10, 2019
The HTTP OPTIONS method is enabled on this web server. An OPTIONS request asks the server which methods it supports for the resource identified by the Request-URI (or for the server as a whole when the Request-URI is *); the server answers with the supported methods in the Allow response header. It is a request for information about the communication options available on the request/response chain, not a request for the resource itself.
Impact
The OPTIONS response enumerates the methods the server accepts for a path (for example PUT or DELETE on a writable location), which helps a malicious user map the attack surface and prepare more targeted attacks. On its own this is an information disclosure of low severity; what matters is which methods it reveals.
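The following script is an added example and not code from the original post. It sends an OPTIONS request with the Python standard library and classifies the answer, so the same check reports the finding (a 2xx response whose Allow header lists the supported verbs) and, after the fix, its absence (Tomcat answers 403 once the security-constraint is in place). It also flags Access-Control-* headers, because an endpoint that serves CORS preflights will break for cross-origin browser clients if OPTIONS is blocked. The hostnames and the three sample responses are constructed for illustration, not captured from a real server.

```python
"""Check how a web server answers the HTTP OPTIONS method.

Added example, not code from the original post. A 2xx answer means the
method is enabled and the Allow header leaks the supported verbs; 403, 405
or 501 means the server refuses it (403 is what Tomcat returns once the
security-constraint from this page is applied). Hostnames and sample
responses below are constructed, not captured from a real server.
"""
import http.client
import sys
from urllib.parse import urlparse

# Status codes that show the server rejecting the method outright.
BLOCKED_STATUSES = {403, 405, 501}


def classify_options_response(status, headers):
    """Classify an OPTIONS response from its status and lower-cased headers.

    Returns a dict with:
      verdict  "enabled" (2xx), "blocked" (403/405/501) or "inconclusive"
      methods  verbs advertised in the Allow header, upper-cased
      cors     True if Access-Control-* headers are present: the endpoint
               serves CORS preflights, so blocking OPTIONS would break
               cross-origin browser clients
    """
    if 200 <= status < 300:
        verdict = "enabled"
    elif status in BLOCKED_STATUSES:
        verdict = "blocked"
    else:
        verdict = "inconclusive"
    allow = headers.get("allow", "")
    methods = [m.strip().upper() for m in allow.split(",") if m.strip()]
    cors = any(name.startswith("access-control-") for name in headers)
    return {"status": status, "verdict": verdict, "methods": methods, "cors": cors}


def probe_options(url, timeout=5):
    """Send a real OPTIONS request to url and classify the answer (network call)."""
    parts = urlparse(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        conn.request("OPTIONS", parts.path or "/")
        resp = conn.getresponse()
        headers = {k.lower(): v for k, v in resp.getheaders()}
        return classify_options_response(resp.status, headers)
    finally:
        conn.close()


# Constructed sample responses: the server before the fix, the server after
# the Tomcat constraint is applied, and an API endpoint that relies on
# OPTIONS for CORS preflight.
BEFORE_FIX = (200, {"allow": "GET, HEAD, POST, OPTIONS", "content-length": "0"})
AFTER_FIX = (403, {"content-type": "text/html;charset=utf-8"})
CORS_ENDPOINT = (204, {"access-control-allow-origin": "https://app.example",
                       "access-control-allow-methods": "GET, POST, PUT"})

if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python3 check_options.py http://target.example/
        print(probe_options(sys.argv[1]))
    else:
        for label, (status, headers) in (("before fix", BEFORE_FIX),
                                         ("after fix", AFTER_FIX),
                                         ("CORS endpoint", CORS_ENDPOINT)):
            print(label, classify_options_response(status, headers))
```

Run it with a URL to probe a live server, or without arguments to see the three constructed cases classified. Treat "inconclusive" (for example a 404 or a redirect) as a prompt to probe a path that actually exists rather than as proof that the method is disabled.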
Recommendation
It is recommended to disable the OPTIONS method on the web server unless something depends on it. Browsers send OPTIONS as the CORS preflight for cross-origin requests that use non-simple methods or headers, so an API that is called cross-origin from a browser will stop working if OPTIONS is blocked outright; check for that before applying the fix.
Solution
Add the following <security-constraint> to tomcat/conf/web.xml. A constraint whose <auth-constraint /> is empty grants the resource to no role at all, so Tomcat refuses every OPTIONS request for any URL with 403 Forbidden. A constraint in conf/web.xml applies to every web application on the instance; to restrict a single application, put it in that application's WEB-INF/web.xml instead.

  <security-constraint>
    <web-resource-collection>
      <web-resource-name>restricted methods</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>OPTIONS</http-method>
    </web-resource-collection>
    <auth-constraint />
  </security-constraint>

A restart of Tomcat is required for the change to take effect. Afterwards, confirm that an OPTIONS request is refused (for example with curl -i -X OPTIONS http://host/) and that GET and POST still work as before.
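The constraint above denies only the method it names. A Servlet 3.0 or later descriptor (Tomcat 7 and newer) also supports the reverse, deny-by-default form using <http-method-omission>: every method not listed is refused. The fragment below is an added example, not from the original post; the allowed list (GET, HEAD, POST) is an assumption and must match what the application actually serves, and it will still block CORS preflights.

```xml
<!-- Added example: deny-by-default HTTP method restriction.
     Every method NOT listed as an omission (here: anything other than
     GET, HEAD and POST, so OPTIONS, PUT, DELETE, ...) is denied for all
     URLs. Requires a web.xml declared as Servlet 3.0 or later. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>allowed methods only</web-resource-name>
    <url-pattern>/*</url-pattern>
    <http-method-omission>GET</http-method-omission>
    <http-method-omission>HEAD</http-method-omission>
    <http-method-omission>POST</http-method-omission>
  </web-resource-collection>
  <auth-constraint />
</security-constraint>
```

Do not mix <http-method> and <http-method-omission> inside one <web-resource-collection>; use one form or the other. As with the original fix, a Tomcat restart is needed and the result should be verified with an OPTIONS request afterwards.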