CVE-2004-2320

Sažetak

The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

Reference

http://dev2dev.bea.com/pub/advisory/68
http://secunia.com/advisories/10726
http://www.kb.cert.org/vuls/id/867593
http://www.osvdb.org/3726
http://www.securityfocus.com/bid/9506
http://www.securitytracker.com/alerts/2004/Jan/1008866.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/14959

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:31

Objavljeno

31-12-2004 - 05:00