Cross-Site Tracing Vulnerability in Sun ONE/iPlanet Web Server
CVE-2004-2763

Currently unrated

Key Information:

Vendor
Oracle
CVE Published:
1 June 2009

Summary

The Sun ONE/iPlanet Web Server allows HTTP TRACE requests by default, which makes it susceptible to cross-site tracing (XST) attacks. Attackers can exploit this vulnerability to gather sensitive information from vulnerable web applications that permit cross-site scripting. By manipulating TRACE requests, remote attackers can bypass security measures and steal data that would otherwise be protected.
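To check whether a server you administer still answers TRACE, the following added example (not vendor or advisory code) classifies captured responses to a TRACE probe and lists which request headers came back in the body. The marker header, the sample responses and the set of status codes treated as a rejection are assumptions made for illustration.

```python
# Added example: classify captured responses to a TRACE probe (all samples are constructed).
CANARY = "X-Trace-Probe: 7f3a-constructed"  # hypothetical marker header sent with the probe

def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers, body.decode("iso-8859-1")

def classify_trace(raw: bytes, canary: str = CANARY) -> str:
    """Return 'echoed', 'rejected' or 'inconclusive' for one TRACE response."""
    try:
        status, _headers, body = parse_response(raw)
    except ValueError:
        return "inconclusive"
    if status in (403, 405, 501):  # assumed: codes a server uses to refuse the method
        return "rejected"
    if status == 200 and canary.lower() in body.lower():
        return "echoed"  # the request, marker included, was reflected in the body
    return "inconclusive"  # e.g. TRACE handled like GET by an application or proxy

def reflected_headers(raw: bytes) -> list:
    """Names of request headers echoed in the body (what a script could read back)."""
    _status, _headers, body = parse_response(raw)
    echoed = [l.partition(":") for l in body.split("\r\n")[1:]]
    return [name.strip().lower() for name, sep, _ in echoed if sep]

SAMPLE_ECHO = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
               b"TRACE / HTTP/1.1\r\nHost: www.example.test\r\n"
               b"X-Trace-Probe: 7f3a-constructed\r\nCookie: session=constructed\r\n\r\n")
SAMPLE_BLOCKED = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD, POST\r\n\r\n"
SAMPLE_ODD = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>home</html>"

if __name__ == "__main__":
    for name, raw in [("echo", SAMPLE_ECHO), ("blocked", SAMPLE_BLOCKED), ("odd", SAMPLE_ODD)]:
        print(name, classify_trace(raw))
    print("reflected:", reflected_headers(SAMPLE_ECHO))
```

An "echoed" verdict with `cookie` among the reflected headers is the condition the summary describes: the server hands request headers back in a response body.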

Timeline

  • Vulnerability Reserved

  • Vulnerability published
