Cross-Site Tracing Vulnerability in Sun Java System Application Server
CVE-2010-0386
Currently unrated
Key Information:
- Vendor: Oracle
- CVE Published: 25 January 2010
Summary
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method. Because a TRACE response echoes the received request, including its headers, back to the client, this configuration can allow remote attackers to carry out cross-site tracing (XST) attacks and gain access to sensitive user information such as cookies and authentication credentials. Organizations running these server versions should review their settings and disable the TRACE method.