Vulnerability Description
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sun | Solaris | 9.0 |
| Sun | Sunos | 5.8 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/17334
- http://securitytracker.com/id?1015112Patch
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102016-1PatchVendor Advisory
- http://www.securityfocus.com/bid/15222
- http://www.vupen.com/english/advisories/2005/2226
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
- http://secunia.com/advisories/17334
- http://securitytracker.com/id?1015112Patch
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-102016-1PatchVendor Advisory
- http://www.securityfocus.com/bid/15222
- http://www.vupen.com/english/advisories/2005/2226
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3
FAQ
What is CVE-2005-3398?
CVE-2005-3398 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive infor...
How severe is CVE-2005-3398?
CVE-2005-3398 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-3398?
Check the references section above for vendor advisories and patch information. Affected products include: Sun Solaris, Sun Sunos.