Lucene search
HistoryApr 11, 2012 - 10:39 a.m.
CVE-2012-2223
novell
zenworks
configuration management
zcm
vulnerability
cve-2012-2223
xst
http trace
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.5%
The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors.
Affected configurations
Node
novellzenworks_configuration_managementMatch10.3
ORnovellzenworks_configuration_managementMatch10.3.1
ORnovellzenworks_configuration_managementMatch10.3.2
ORnovellzenworks_configuration_managementMatch10.3.3
ORnovellzenworks_configuration_managementMatch11
ORnovellzenworks_configuration_managementMatch11.1
ORnovellzenworks_configuration_managementMatch11.1a
Related
cvelist
cvelist
CVE-2012-2223
2012-04-11 10:00:00
nvd
nvd
CVE-2012-2223
2012-04-11 10:39:27
nessus
nessus
prion
prion
Cross site scripting
2012-04-11 10:39:00
openvas
openvas
HTTP Debugging Methods (TRACE/TRACK) Enabled
2005-11-03 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.7 Medium
AI Score
Confidence
Low
0.005 Low
EPSS
Percentile
77.5%
Related for CVE-2012-2223