Vulnerability Details CVE-2004-2763
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.1%
CVSS Severity
CVSS v2 Score 5.8
References
- http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html
- http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
- http://www.kb.cert.org/vuls/id/867593
- http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html
- http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
- http://www.kb.cert.org/vuls/id/867593
Products affected by CVE-2004-2763
-
cpe:2.3:a:sun:iplanet_web_server:4.1
-
cpe:2.3:a:sun:iplanet_web_server:6.0
-
cpe:2.3:a:sun:one_web_server:4.1
-
cpe:2.3:a:sun:one_web_server:6.0
-
cpe:2.3:a:sun:one_web_server:6.1