Lucene search
HistoryNov 01, 2005 - 12:47 p.m.
CVE-2005-3398
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0.008
Percentile
81.7%
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
Affected configurations
Node
sunsolarisMatch9.0sparc
ORsunsolarisMatch10.0sparc
ORsunsunosMatch5.8
Related
cvelist
cvelist
metasploit
metasploit
HTTP Cross-Site Tracing Detection
2011-11-03 20:09:11
HTTP Options Detection
2009-04-13 14:33:26
openvas
openvas
Solaris Update for /usr/sadm/lib/smc/lib/preload/jsdk21.jar 116808-02
2009-06-03 00:00:00
Solaris Update for /usr/sadm/lib/smc/lib/preload/jsdk21.jar 116807-02
2009-06-03 00:00:00
Solaris Update for /usr/sadm/lib/smc/lib/preload/jsdk21.jar 116807-02
2009-06-03 00:00:00
cve
cve
nessus
nessus
Solaris 9 (sparc) : 116807-02
2004-07-12 00:00:00
Solaris 9 (x86) : 116808-02
2004-07-12 00:00:00
Solaris 10 (sparc) : 121308-20 (deprecated)
2005-12-07 00:00:00
nvd
nvd
redhatcve
redhatcve
CVE-2007-3008
2015-10-30 09:28:33
prion
prion
Design/Logic Flaw
2010-01-25 19:30:00
Cross site scripting
2007-06-04 17:30:00
Design/Logic Flaw
2010-01-25 19:30:00
f5
f5
SOL15904 - Multiple third-party application-server vulnerabilities
2014-12-11 00:00:00
K15904 : Multiple third-party application-server vulnerabilities
2014-12-11 00:00:00
pentestpartners
pentestpartners
Vulnerabilities that arenβt. Cross Site Tracing / XST
2022-01-25 06:08:46
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.1
Confidence
Low
EPSS
0.008
Percentile
81.7%
Related for NVD:CVE-2005-3398