← Back

CVE-2004-2763

nvd nist
Published: Jun 1, 2009Modified: Apr 23, 2026

JSON object

Loading...
5.8
Vector
AV:N/AC:M/Au:N/C:P/I:P/A:N
Exploitability: 8.6 / Impact: 4.9
Source: NVD

Description

The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

Affected (47)

Sun
2 products
Iplanet Web Server
One Web Server
Configuration A
47 vulnerable
Vulnerable SoftwareAffected Versions
Sun
Iplanet Web Server
Version 4.1 sp10
Iplanet Web Server
Version 4.1 sp10
Iplanet Web Server
Version 4.1 sp11
Iplanet Web Server
Version 4.1 sp11
Iplanet Web Server
Version 4.1 sp12
Iplanet Web Server
Version 4.1 sp12
Iplanet Web Server
Version 4.1 sp1
Iplanet Web Server
Version 4.1 sp1
Iplanet Web Server
Version 4.1 sp2
Iplanet Web Server
Version 4.1 sp2
Iplanet Web Server
Version 4.1 sp3
Iplanet Web Server
Version 4.1 sp3
Iplanet Web Server
Version 4.1 sp4
Iplanet Web Server
Version 4.1 sp4
Iplanet Web Server
Version 4.1 sp5
Iplanet Web Server
Version 4.1 sp5
Iplanet Web Server
Version 4.1 sp6
Iplanet Web Server
Version 4.1 sp6
Iplanet Web Server
Version 4.1 sp7
Iplanet Web Server
Version 4.1 sp7
Iplanet Web Server
Version 4.1 sp8
Iplanet Web Server
Version 4.1 sp8
Iplanet Web Server
Version 4.1 sp9
Iplanet Web Server
Version 4.1 sp9
Iplanet Web Server
Version 6.0 sp1
Iplanet Web Server
Version 6.0 sp2
Iplanet Web Server
Version 6.0 sp3
Iplanet Web Server
Version 6.0 sp4
Iplanet Web Server
Version 6.0 sp5
Sun
One Web Server
Version 4.1
One Web Server
Version 4.1 sp10
One Web Server
Version 4.1 sp11
One Web Server
Version 4.1 sp12
One Web Server
Version 4.1 sp1
One Web Server
Version 4.1 sp2
One Web Server
Version 4.1 sp3
One Web Server
Version 4.1 sp4
One Web Server
Version 4.1 sp5
One Web Server
Version 4.1 sp6
One Web Server
Version 4.1 sp7
One Web Server
Version 4.1 sp8
One Web Server
Version 4.1 sp9
One Web Server
Version 6.0 sp3
One Web Server
Version 6.0 sp4
One Web Server
Version 6.0 sp5
One Web Server
Version 6.1 sp1
One Web Server
Version 6.1 sp2

Related CWEs

CWE-16
CWE-16

References (6)

Source: cve@mitre.org
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
US Government Resource
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource

Timeline

No history available yet.