HIGH🇵🇱 Wersja polska

CVE-2010-0386

CVSS 8.1v2.0pub. 2010-01-25upd. 2026-05-28

The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
  • Sun Java System Application Server

    APP
    Sun
    7.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2011-0807HIGH10.0ten sam produkt

Unspecified vulnerability in Oracle Sun GlassFish Enterprise Server 2.1, 2.1.1, and 3.0.1, and Sun Java System...

CVE-2007-5152HIGH7.5ten sam produkt

Sun Java System Access Manager 7.1, when installed in a Sun Java System Application Server 9.1 container, does...

CVE-2007-3715HIGH9.3ten sam produkt

Sun Java System Application Server and Web Server 7.0 through 9.0 before 20070710 do not properly process XSLT...

CVE-2004-0826HIGH7.5ten sam produkt

Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to exec...

CVE-2012-3155MEDIUM5.0ten sam produkt

Unspecified vulnerability in the CORBA ORB component in Sun GlassFish Enterprise Server 2.1.1, Oracle GlassFis...