CVE-2005-3398

Solaris 8-10 - Unauthenticated Sensitive Information Exposure via HTTP TRACE Method

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3398. PoCs published by Jay Turla <@shipcod3>, CG, including Metasploit module auxiliary/scanner/http/trace.

AI-analyzed exploit summary: This Metasploit module checks whether a target host is vulnerable to Cross-Site Tracing (XST) by sending a TRACE request with a JavaScript payload. It then checks whether the payload is reflected in the response, which indicates a potential XST vulnerability.

Description

The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.

Exploits (1)

metasploit SCANNER
by Jay Turla <@shipcod3>, CG · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/trace.rb

Classification: Scanner 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: HTTP servers supporting TRACE method
Authentication: No auth needed
Prerequisites: Target server must have TRACE method enabled
Analysis: devstral-2 · analyzed Feb 16, 2026

References (6)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15222
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17334
Patch, Vendor Advisory vendor-advisory x_refsource_sunalert
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102016-1
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1445
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2226
Patch vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015112

Scores

EPSS 0.1311
EPSS Percentile 95.8%

Details

CWE CWE-200
Status published
Products (3)
sun/solaris 9.0
sun/solaris 10.0
sun/sunos 5.8
Published Nov 01, 2005
Tracked Since Feb 18, 2026