| ID |
CVE-2010-0386
|
| Summary |
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398. Per: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1
Contributing Factors
This issue can occur in the following releases:
* Sun Java System Application Server Standard Edition 7 and later updates
* Sun Java System Application Server Standard Edition 7 2004Q2 and later updates
* Sun Java System Application Server Platform Edition 7 and later updates |
| References |
|
| Vulnerable Configurations |
-
cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*
cpe:2.3:a:sun:java_system_application_server:7.0:*:*:*:*:*:*:*
-
cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*
cpe:2.3:a:sun:java_system_application_server:7.0:*:platform:*:*:*:*:*
-
cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*
cpe:2.3:a:sun:java_system_application_server:7.0:*:standard:*:*:*:*:*
|
| CVSS |
| Base: | 4.3 (as of 31-01-2010 - 05:00) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-16 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
NONE |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| refmap
via4
|
|
| Last major update |
31-01-2010 - 05:00 |
| Published |
25-01-2010 - 19:30 |
| Last modified |
31-01-2010 - 05:00 |
