cbcvebase.
CVE-2005-3398
published 2005-11-01

CVE-2005-3398: The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow…

PriorityP426medium4.3CVSS 2.0
AVNACMAuNCPINAN
EXPLOIT
EPSS
13.11%
95.9th percentile
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.

Affected

18 ranges
VendorProductVersion rangeFixed in
ibmlotus_domino_server
ibmlotus_domino_server
ibmlotus_domino_server
ibmlotus_domino_server
mbedthis_softwarembedthis_appweb_http_server
mbedthis_softwarembedthis_appweb_http_server
mbedthis_softwarembedthis_appweb_http_server
mbedthis_softwarembedthis_appweb_http_server
mbedthis_softwarembedthis_appweb_http_server
mbedthis_softwarembedthis_appweb_http_server
mbedthis_softwarembedthis_appweb_http_server
mbedthis_softwarembedthis_appweb_http_server
mbedthis_softwarembedthis_appweb_http_server
mbedthis_softwarembedthis_appweb_http_server
sunjava_system_application_server
sunsolaris
sunsolaris
sunsunos

CVSS provenance

nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
vendor_redhat5.8MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.