Cross-Site Tracing Vulnerability in Sun ONE/iPlanet Web Server
CVE-2004-2763

Currently unrated

Key Information:

Vendor

Oracle
Status
One Web Server
Iplanet Web Server
Vendor
CVE Published:
1 June 2009

What is CVE-2004-2763?

The Sun ONE/iPlanet Web Server defaults to allow HTTP TRACE requests, making it susceptible to cross-site tracing (XST) attacks. Attackers can exploit this vulnerability to gather sensitive information from vulnerable web applications that permit cross-site scripting. By manipulating TRACE requests, remote attackers can bypass security measures and steal data that would otherwise be protected.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.kb.cert.org/vuls/id/867593
third-party-advisoryx_refsource_CERT-VN
http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00...
vendor-advisoryx_refsource_SUNALERT
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_...
x_refsource_MISC

Timeline

  • Vulnerability Reserved

  • Vulnerability published

JSON
.