Cross-Site Tracing Vulnerability in Sun ONE/iPlanet Web Server
CVE-2004-2763
Currently unrated
Summary
The Sun ONE/iPlanet Web Server defaults to allow HTTP TRACE requests, making it susceptible to cross-site tracing (XST) attacks. Attackers can exploit this vulnerability to gather sensitive information from vulnerable web applications that permit cross-site scripting. By manipulating TRACE requests, remote attackers can bypass security measures and steal data that would otherwise be protected.
References
Timeline
Vulnerability Reserved
Vulnerability published