CVE-2005-3398: Sensitive Information Exposure in IBM Lotus Domino Server

Severity: 4.3 MEDIUM (NVD); CNA: 5.8
EPSS: 39.5% (top 2.69%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Nov 1; Latest update May 17

Description

The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages: 5 packages

Patches

🔴 Vulnerability Details (8)

GHSA | 2022-05-17 | GHSA-g6pv-jvqw-865r: The default configuration of the web server in IBM Lotus Domino Server, possibly 6
GHSA | 2022-05-02 | GHSA-7g8w-vphh-j565: The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attacke
GHSA | 2022-05-01 | GHSA-wgh7-rqcp-g392: The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which coul
GHSA | 2022-05-01 | GHSA-522h-48w5-75fm: Mbedthis AppWeb before 2
CVEList | 2010-01-25 | CVE-2010-0386: The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attacke

💥 Exploits & PoCs (2)

Metasploit: HTTP Cross-Site Tracing Detection
Metasploit: HTTP Options Detection

📋 Vendor Advisories (1)

Red Hat: CVE-2007-3008: Mbedthis AppWeb before 2