 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.800162 |
| Category: | Web application abuses |
| Title: | Sun Java System Application Server Cross-Site Tracing Vulnerability |
| Summary: | Sun Java System Application Server is prone to a cross-site tracing vulnerability. |
| Description: | Summary: Sun Java System Application Server is prone to a cross-site tracing vulnerability. Vulnerability Insight: An error exists while processing HTTP TRACE method and returns contents of clients HTTP requests in the entity-body of the TRACE response. An attacker can use this behavior to access sensitive information, such as cookies or authentication data, contained in the HTTP headers of the request. Vulnerability Impact: Successful exploitation lets the attackers to get sensitive information, such as cookies or authentication data, contained in the HTTP headers. Affected Software/OS: Sun Java System Application Server Standard Edition 7 and later updates, Sun Java System Application Server Standard Edition 7 2004Q2 and later updates Solution: See the vendor advisory for a workaround. CVSS Score: 4.3 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2010-0386 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1 |
| Copyright | Copyright (C) 2010 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |