QwikSec

Security Database

CVE

CWE

Training

CVE-2004-2763

Published: Jun 1, 2009

Modified: Sep 17, 2024

PUBLISHED

Description

The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_CERT-VN

vendor-advisory

x_refsource_SUNALERT

http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.