Lucene search
Redhat.comRH:CVE-2004-2320HistoryOct 30, 2015 - 9:39 a.m.
CVE-2004-2320
2015-10-3009:39:58
redhat.com
access.redhat.com
11
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
7
Confidence
Low
EPSS
0.005
Percentile
77.0%
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
Related
nessus
nessus
WebLogic < 8.1 SP3 Multiple Vulnerabilities
2004-09-14 00:00:00
HTTP TRACE / TRACK Methods Allowed
2003-01-23 00:00:00
HTTP Reverse Proxy Detection (Deprecated)
2002-07-02 00:00:00
cvelist
cvelist
CVE-2004-2320
2005-08-16 04:00:00
CVE-2007-3008
2007-06-04 17:00:00
nvd
nvd
CVE-2004-2320
2004-12-31 05:00:00
CVE-2007-3008
2007-06-04 17:30:00
cve
cve
CVE-2004-2320
2005-08-16 04:00:00
CVE-2007-3008
2007-06-04 17:30:00
openvas
openvas
Buffalo Buffalo LS210D < 1.82 Multiple Vulnerabilities
2024-05-17 00:00:00
http TRACE XSS attack
2005-11-03 00:00:00
HTTP Debugging Methods (TRACE/TRACK) Enabled
2005-11-03 00:00:00
redhatcve
redhatcve
CVE-2007-3008
2015-10-30 09:28:33
prion
prion
Cross site scripting
2007-06-04 17:30:00
f5
f5
K15904 : Multiple third-party application-server vulnerabilities
2014-12-11 00:00:00
SOL15904 - Multiple third-party application-server vulnerabilities
2014-12-11 00:00:00
pentestpartners
pentestpartners
Vulnerabilities that arenβt. Cross Site Tracing / XST
2022-01-25 06:08:46
CVSS2
5.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
AI Score
7
Confidence
Low
EPSS
0.005
Percentile
77.0%
Related for RH:CVE-2004-2320