Vulnerability Description
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bea | Weblogic Server | 5.1 |
Related Weaknesses (CWE)
References
- http://dev2dev.bea.com/pub/advisory/68 (Patch, Vendor Advisory)
- http://secunia.com/advisories/10726 (Vendor Advisory)
- http://www.kb.cert.org/vuls/id/867593 (Third Party Advisory, US Government Resource)
- http://www.osvdb.org/3726
- http://www.securityfocus.com/bid/9506 (Patch)
- http://www.securitytracker.com/alerts/2004/Jan/1008866.html (Patch)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/14959
FAQ
What is CVE-2004-2320?
CVE-2004-2320 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote ...
How severe is CVE-2004-2320?
CVE-2004-2320 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2004-2320?
Check the references section above for vendor advisories and patch information. Affected products include: Bea Weblogic Server.