CVE-2004-2763
Severity CVSS v4.0: Pending analysis
Type: CWE-16 Configuration Errors
Publication date: 01/06/2009
Last modified: 09/04/2025
Description
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
Impact
Base Score 2.0: 5.80
Severity 2.0: MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:*:*:*:*:*:* | | |
| cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:enterprise:*:*:*:*:* | | |
| cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:*:*:*:*:*:* | | |
| cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:enterprise:*:*:*:*:* | | |
| cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:*:*:*:*:*:* | | |
| cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:enterprise:*:*:*:*:* | | |
| cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:*:*:*:*:*:* | | |
| cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:enterprise:*:*:*:*:* | | |
| cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:*:*:*:*:*:* | | |
| cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:enterprise:*:*:*:*:* | | |
| cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:*:*:*:*:*:* | | |
| cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:enterprise:*:*:*:*:* | | |
| cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:*:*:*:*:*:* | | |
| cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:enterprise:*:*:*:*:* | | |
| cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:*:*:*:*:*:* | | |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html
- http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
- http://www.kb.cert.org/vuls/id/867593



