CVE-2012-2223

Novell ZENworks Configuration Management 10.3.x-10.3.4 & 11.x-11.2 - Sensitive Information Exposure via HTTP TRACE

Title source: llm

Description

The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors.

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/74818

Vendor Advisory x_refsource_confirm

http://www.novell.com/support/viewContent.do?externalId=7010044

Vendor Advisory x_refsource_confirm

http://www.novell.com/support/viewContent.do?externalId=7010137

Vendor Advisory x_refsource_confirm

http://www.novell.com/support/viewContent.do?externalId=7008244

Scores

EPSS 0.0087

EPSS Percentile 75.5%

Details

CWE

CWE-200

Status published

Products (7)

novell/zenworks_configuration_management 10.3

novell/zenworks_configuration_management 10.3.1

novell/zenworks_configuration_management 10.3.2

novell/zenworks_configuration_management 10.3.3

novell/zenworks_configuration_management 11

novell/zenworks_configuration_management 11.1

novell/zenworks_configuration_management 11.1a

Published Apr 11, 2012

Tracked Since Feb 18, 2026