The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NSun Java System Application Server
APPSun7.0
Powiązane podatności
Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System...
Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does...
Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT...
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to exec...
Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFis...