CVE-2005-3398
SUN Solaris - Information Disclosure
Title source: ruleDescription
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
Exploits (1)
metasploit
SCANNER
by Jay Turla <@shipcod3>, CG · rubypoc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/trace.rb
References (6)
Scores
EPSS
0.3954
EPSS Percentile
97.3%
Details
CWE
CWE-200
Status
published
Products (3)
sun/solaris
9.0
sun/solaris
10.0
sun/sunos
5.8
Published
Nov 01, 2005
Tracked Since
Feb 18, 2026