CVE-2004-2320
BEA WebLogic Server and Express - Information Exposure via HTTP TRACE Method
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
References (7)
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/14959
Third Party Advisory, US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/867593
Patch, Vendor Advisory vendor-advisory
x_refsource_bea
http://dev2dev.bea.com/pub/advisory/68
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/9506
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/10726
Patch vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/alerts/2004/Jan/1008866.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/3726
Scores
EPSS
0.0548
EPSS Percentile
90.3%
Details
CWE
CWE-200
Status
published
Products (2)
bea/weblogic_server
5.1 (41 CPE variants)
bea/weblogic_server
6.1 (9 CPE variants)
Published
Dec 31, 2004
Tracked Since
Feb 18, 2026