CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score
Confidence: High

EPSS
Percentile: 79.2%

The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
Vendor | Product | Version | CPE |
---|---|---|---|
sun | iplanet_web_server | 4.1 | cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:*:*:*:*:*:* |
sun | iplanet_web_server | 4.1 | cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:enterprise:*:*:*:*:* |
sun | iplanet_web_server | 4.1 | cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:*:*:*:*:*:* |
sun | iplanet_web_server | 4.1 | cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:enterprise:*:*:*:*:* |
sun | iplanet_web_server | 4.1 | cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:*:*:*:*:*:* |
sun | iplanet_web_server | 4.1 | cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:enterprise:*:*:*:*:* |
sun | iplanet_web_server | 4.1 | cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:*:*:*:*:*:* |
sun | iplanet_web_server | 4.1 | cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:enterprise:*:*:*:*:* |
sun | iplanet_web_server | 4.1 | cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:*:*:*:*:*:* |
sun | iplanet_web_server | 4.1 | cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:enterprise:*:*:*:*:* |