Cross-Site Tracing Vulnerability in Sun Java System Application Server
CVE-2010-0386

Currently unrated

Key Information:

Vendor
Oracle
Status
Java System Application Server
Vendor
CVE Published:
25 January 2010

Summary

The default configuration of the Sun Java System Application Server versions 7 and 7 2004Q2 enables the HTTP TRACE method, which presents a security risk. This configuration can allow remote attackers to execute cross-site tracing (XST) attacks, effectively gaining access to sensitive user information like cookies and authentication credentials. It is important for organizations using these server versions to review their settings and disable the TRACE method to mitigate potential attacks.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-66-...
vendor-advisoryx_refsource_SUNALERT

Timeline

  • Vulnerability Reserved

  • Vulnerability published

.