Vulnerability Description
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Iplanet Web Server | 4.1 |
| Sun | One Web Server | 4.1 |
Related Weaknesses (CWE)
References
- http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html
- http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdfExploit
- http://www.kb.cert.org/vuls/id/867593US Government Resource
- http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html
- http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdfExploit
- http://www.kb.cert.org/vuls/id/867593US Government Resource
FAQ
What is CVE-2004-2763?
CVE-2004-2763 is a vulnerability with a CVSS score of 5.8 (MEDIUM). The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cro...
How severe is CVE-2004-2763?
CVE-2004-2763 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-2763?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Iplanet Web Server, Sun One Web Server.