Vulnerabilities > CVE-2004-2763 - Configuration vulnerability in SUN Iplanet web Server and ONE web Server

CVSS 5.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

network

sun

CWE-16

NVD

Published: 2009-06-01

Updated: 2009-06-02

Summary

The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

Vulnerable Configurations

Part	Description	Count
Application	Sun SUN Iplanet WEB Server 4.1 SUN Iplanet WEB Server 6.0 SUN ONE WEB Server 4.1 SUN ONE WEB Server 6.0 SUN ONE WEB Server 6.1	47

Common Weakness Enumeration (CWE)

CWE-16 - Configuration

References

http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.kb.cert.org/vuls/id/867593