The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2010-01-25T19:00:00Z
Updated: 2024-09-16T19:47:21.818Z
Reserved: 2010-01-25T00:00:00Z
Link: CVE-2010-0386
Vulnrichment
No data.
NVD
Status : Modified
Published: 2010-01-25T19:30:01.730
Modified: 2024-11-21T01:12:06.577
Link: CVE-2010-0386
Redhat
No data.