The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-06-01T22:00:00Z
Updated: 2024-09-17T00:11:42.049Z
Reserved: 2009-06-01T00:00:00Z
Link: CVE-2004-2763
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-06-01T22:30:00.217
Modified: 2024-11-20T23:54:09.850
Link: CVE-2004-2763
Redhat
No data.