Cross-Site Tracing Vulnerability in Sun Java System Application Server
CVE-2010-0386
Currently unrated
Key Information:
- Vendor: Oracle
- CVE Published: 25 January 2010
What is CVE-2010-0386?
The default configuration of Sun Java System Application Server versions 7 and 7 2004Q2 enables the HTTP TRACE method. Because TRACE echoes the received request, headers included, back in the response body, this configuration allows remote attackers to conduct cross-site tracing (XST) attacks and gain access to sensitive user information such as cookies and authentication credentials. Organizations using these server versions should review their settings and disable the TRACE method to mitigate potential attacks.
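One way to confirm whether a server you administer still answers TRACE, as an added example that is not part of the advisory or any vendor tooling. The header name `X-Trace-Probe`, the marker format, the verdict strings and the sample responses are assumptions constructed for this example.

```python
import http.client
import secrets

def classify_trace(status, body, marker):
    """Judge a TRACE response: 'enabled', 'disabled' or 'inconclusive'."""
    echoed = marker.encode() in body
    if status == 200 and echoed:
        # The request, headers included, came back in the body: TRACE is live.
        return "enabled"
    if status in (403, 405, 501):
        # Forbidden / Method Not Allowed / Not Implemented: TRACE is refused.
        return "disabled"
    # e.g. a 200 page without the echo, a redirect, or an intermediary's answer.
    return "inconclusive"

def probe_trace(host, port=443, use_tls=True, path="/", timeout=5):
    """Send one TRACE request carrying a random marker header and classify the reply."""
    marker = "xst-check-" + secrets.token_hex(8)  # constructed marker value
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        # X-Trace-Probe is a made-up header name used only to detect the echo.
        conn.request("TRACE", path, headers={"X-Trace-Probe": marker})
        resp = conn.getresponse()
        body = resp.read(65536)  # an echoed request is small; cap the read
        return classify_trace(resp.status, body, marker)
    finally:
        conn.close()

# Constructed sample responses (not captured from a real server).
SAMPLE_MARKER = "xst-check-0123456789abcdef"
SAMPLE_ECHO = (b"TRACE / HTTP/1.1\r\nHost: app.example.test\r\n"
               b"X-Trace-Probe: xst-check-0123456789abcdef\r\n\r\n")

if __name__ == "__main__":
    print(classify_trace(200, SAMPLE_ECHO, SAMPLE_MARKER))
    print(classify_trace(405, b"Method Not Allowed", SAMPLE_MARKER))
```

Run `probe_trace` again after changing the server configuration; a result of `disabled` shows the method is now refused.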