CVE-2004-2763

CWE-16 | 3 documents | 3 sources
Severity: 5.8 MEDIUM
EPSS: 1.0% (top 22.79%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 1 | Latest update Apr 29

Description

The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

CVSS vector

AV:N/AC:M/C:P/I:P/A:N
Exploitability: 8.6 | Impact: 4.9

Affected Packages (2 packages)

NVD | sun/iplanet_web_server | 4.1, 6.0 (+1)
NVD | sun/one_web_server | 4.1, 6.0, 6.1 (+2)

Vulnerability Details (2)

GHSA | GHSA-79p6-hxp5-mfcw: The default configuration of Sun ONE/iPlanet Web Server 4 | 2022-04-29
CVEList | CVE-2004-2763: The default configuration of Sun ONE/iPlanet Web Server 4 | 2009-06-01