Lucene search

MitreCVE-2004-2763

HistoryJun 01, 2009 - 10:30 p.m.

CVE-2004-2763

2009-06-0122:30:00

CWE-16

mitre

web.nvd.nist.gov

cve

2004

2763

sun one

iplanet

web server

http

trace

cross-site tracing

xst

cross-site scripting

nvd

CVSS2

5.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

AI Score

5.9

Confidence

High

EPSS

0.006

Percentile

79.2%

JSON

The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

Affected configurations

Nvd

Node

suniplanet_web_serverMatch4.1sp1

suniplanet_web_serverMatch4.1sp1enterprise

suniplanet_web_serverMatch4.1sp10

suniplanet_web_serverMatch4.1sp10enterprise

suniplanet_web_serverMatch4.1sp11

suniplanet_web_serverMatch4.1sp11enterprise

suniplanet_web_serverMatch4.1sp12

suniplanet_web_serverMatch4.1sp12enterprise

suniplanet_web_serverMatch4.1sp2

suniplanet_web_serverMatch4.1sp2enterprise

suniplanet_web_serverMatch4.1sp3

suniplanet_web_serverMatch4.1sp3enterprise

suniplanet_web_serverMatch4.1sp4

suniplanet_web_serverMatch4.1sp4enterprise

suniplanet_web_serverMatch4.1sp5

suniplanet_web_serverMatch4.1sp5enterprise

suniplanet_web_serverMatch4.1sp6

suniplanet_web_serverMatch4.1sp6enterprise

suniplanet_web_serverMatch4.1sp7

suniplanet_web_serverMatch4.1sp7enterprise

suniplanet_web_serverMatch4.1sp8

suniplanet_web_serverMatch4.1sp8enterprise

suniplanet_web_serverMatch4.1sp9

suniplanet_web_serverMatch4.1sp9enterprise

suniplanet_web_serverMatch6.0sp1

suniplanet_web_serverMatch6.0sp2

suniplanet_web_serverMatch6.0sp3

suniplanet_web_serverMatch6.0sp4

suniplanet_web_serverMatch6.0sp5

sunone_web_serverMatch4.1

sunone_web_serverMatch4.1sp1

sunone_web_serverMatch4.1sp10

sunone_web_serverMatch4.1sp11

sunone_web_serverMatch4.1sp12

sunone_web_serverMatch4.1sp2

sunone_web_serverMatch4.1sp3

sunone_web_serverMatch4.1sp4

sunone_web_serverMatch4.1sp5

sunone_web_serverMatch4.1sp6

sunone_web_serverMatch4.1sp7

sunone_web_serverMatch4.1sp8

sunone_web_serverMatch4.1sp9

sunone_web_serverMatch6.0sp3

sunone_web_serverMatch6.0sp4

sunone_web_serverMatch6.0sp5

sunone_web_serverMatch6.1sp1

sunone_web_serverMatch6.1sp2

VendorProductVersionCPE
suniplanet_web_server4.1cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:*:*:*:*:*:*
suniplanet_web_server4.1cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:enterprise:*:*:*:*:*
suniplanet_web_server4.1cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:*:*:*:*:*:*
suniplanet_web_server4.1cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:enterprise:*:*:*:*:*
suniplanet_web_server4.1cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:*:*:*:*:*:*
suniplanet_web_server4.1cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:enterprise:*:*:*:*:*
suniplanet_web_server4.1cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:*:*:*:*:*:*
suniplanet_web_server4.1cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:enterprise:*:*:*:*:*
suniplanet_web_server4.1cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:*:*:*:*:*:*
suniplanet_web_server4.1cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:enterprise:*:*:*:*:*

Vendor	Product	Version	CPE
sun	iplanet_web_server	4.1	cpe:2.3:a:sun:iplanet_web_server:4.1:sp1::::::
sun	iplanet_web_server	4.1	cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:enterprise:::::*
sun	iplanet_web_server	4.1	cpe:2.3:a:sun:iplanet_web_server:4.1:sp10::::::
sun	iplanet_web_server	4.1	cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:enterprise:::::*
sun	iplanet_web_server	4.1	cpe:2.3:a:sun:iplanet_web_server:4.1:sp11::::::
sun	iplanet_web_server	4.1	cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:enterprise:::::*
sun	iplanet_web_server	4.1	cpe:2.3:a:sun:iplanet_web_server:4.1:sp12::::::
sun	iplanet_web_server	4.1	cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:enterprise:::::*
sun	iplanet_web_server	4.1	cpe:2.3:a:sun:iplanet_web_server:4.1:sp2::::::
sun	iplanet_web_server	4.1	cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:enterprise:::::*