CVE-2004-2763
Sun ONE/iPlanet Web Server 4.1 SP1-SP12 and 6.0 SP1-SP5 - Cross-Site Tracing via HTTP TRACE Method
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
References (3)
US Government Resource third-party-advisory
x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/867593
Various Sources vendor-advisory
x_refsource_sunalert
http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html
Exploit x_refsource_misc
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
Scores
EPSS
0.0102
EPSS Percentile
77.4%
Details
CWE
CWE-16
Status
published
Products (5)
sun/iplanet_web_server
4.1 sp1 (24 CPE variants)
sun/iplanet_web_server
6.0 sp1 (5 CPE variants)
sun/one_web_server
4.1 (13 CPE variants)
sun/one_web_server
6.0 sp3 (3 CPE variants)
sun/one_web_server
6.1 sp1 (2 CPE variants)
Published
Jun 01, 2009
Tracked Since
Feb 18, 2026