Lucene search
HistoryJan 25, 2010 - 7:30 p.m.
CVE-2010-0386
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.008
Percentile
81.9%
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
Affected configurations
Node
sunjava_system_application_serverMatch7.0
ORsunjava_system_application_serverMatch7.0platform
ORsunjava_system_application_serverMatch7.0standard
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sun | java_system_application_server | 7.0 | cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:* |
| sun | java_system_application_server | 7.0 | cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:* |
| sun | java_system_application_server | 7.0 | cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:* |
Related
cve
cve
cvelist
cvelist
prion
prion
Design/Logic Flaw
2010-01-25 19:30:00
Design/Logic Flaw
2010-01-25 19:30:00
Cross site scripting
2007-06-04 17:30:00
nvd
nvd
f5
f5
SOL15904 - Multiple third-party application-server vulnerabilities
2014-12-11 00:00:00
K15904 : Multiple third-party application-server vulnerabilities
2014-12-11 00:00:00
openvas
openvas
Solaris Update for /usr/sadm/lib/smc/lib/preload/jsdk21.jar 116808-02
2009-06-03 00:00:00
Solaris Update for /usr/sadm/lib/smc/lib/preload/jsdk21.jar 116807-02
2009-06-03 00:00:00
Solaris Update for /usr/sadm/lib/smc/lib/preload/jsdk21.jar 116807-02
2009-06-03 00:00:00
metasploit
metasploit
HTTP Cross-Site Tracing Detection
2011-11-03 20:09:11
HTTP Options Detection
2009-04-13 14:33:26
checkpoint_advisories
checkpoint_advisories
nessus
nessus
Solaris 9 (sparc) : 116807-02
2004-07-12 00:00:00
Solaris 9 (x86) : 116808-02
2004-07-12 00:00:00
HTTP TRACE / TRACK Methods Allowed
2003-01-23 00:00:00
pentestpartners
pentestpartners
Vulnerabilities that arenβt. Cross Site Tracing / XST
2022-01-25 06:08:46
redhatcve
redhatcve
CVE-2007-3008
2015-10-30 09:28:33
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
6.5
Confidence
Low
EPSS
0.008
Percentile
81.9%
Related for NVD:CVE-2010-0386