CVE-2004-2763

The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

Configurations

Configuration 1

OR
cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:enterprise:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:6.0:sp1:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:6.0:sp2:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:6.0:sp3:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:6.0:sp4:*:*:*:*:*:*
cpe:2.3:a:sun:iplanet_web_server:6.0:sp5:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp12:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:6.1:sp1:*:*:*:*:*:*
cpe:2.3:a:sun:one_web_server:6.1:sp2:*:*:*:*:*:*

History

20 Nov 2024, 23:54

Type | Values Removed | Values Added
References | http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html | http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html
References | http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf - Exploit | http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf - Exploit
References | http://www.kb.cert.org/vuls/id/867593 - US Government Resource | http://www.kb.cert.org/vuls/id/867593 - US Government Resource

Information

Published : 2009-06-01 22:30

Updated : 2024-11-20 23:54


NVD link : CVE-2004-2763

Mitre link : CVE-2004-2763

CVE.ORG link : CVE-2004-2763


Products Affected

sun

  • iplanet_web_server
  • one_web_server

CWE

CWE-16 (Configuration)