CVE-2005-3398
Published 2005-11-01
Priority: P426 · medium · 4.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 13.11% (95.9th percentile)
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ibm | lotus_domino_server | — | — |
| ibm | lotus_domino_server | — | — |
| ibm | lotus_domino_server | — | — |
| ibm | lotus_domino_server | — | — |
| mbedthis_software | mbedthis_appweb_http_server | — | — |
| mbedthis_software | mbedthis_appweb_http_server | — | — |
| mbedthis_software | mbedthis_appweb_http_server | — | — |
| mbedthis_software | mbedthis_appweb_http_server | — | — |
| mbedthis_software | mbedthis_appweb_http_server | — | — |
| mbedthis_software | mbedthis_appweb_http_server | — | — |
| mbedthis_software | mbedthis_appweb_http_server | — | — |
| mbedthis_software | mbedthis_appweb_http_server | — | — |
| mbedthis_software | mbedthis_appweb_http_server | — | — |
| mbedthis_software | mbedthis_appweb_http_server | — | — |
| sun | java_system_application_server | — | — |
| sun | solaris | — | — |
| sun | solaris | — | — |
| sun | sunos | — | — |
CVSS provenance
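| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| vendor_redhat | — | 5.8 | MEDIUM | — |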
GHSA
GHSA-g6pv-jvqw-865r · CVE-2008-7253 [MEDIUM]
ghsa_unreviewed · 2022-05-17 · CVSS 5.8
The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
GHSA
GHSA-7g8w-vphh-j565 · CVE-2010-0386 [MEDIUM]
ghsa_unreviewed · 2022-05-02 · CVSS 5.8
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
GHSA
GHSA-wgh7-rqcp-g392 · CVE-2005-3398 [MEDIUM] · CWE-200
ghsa_unreviewed · 2022-05-01
The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
GHSA
GHSA-522h-48w5-75fm · CVE-2007-3008 [MEDIUM] · CWE-79
ghsa_unreviewed · 2022-05-01 · CVSS 5.8
Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.
Red Hat
CVE-2007-3008 [MEDIUM]
vendor_redhat · CVSS 5.8
Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.
Statement: The Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required.
For more information please see:
http://www.apacheweek.com/issues/03-01-24#news
No detection rules found.
Metasploit
HTTP Cross-Site Tracing Detection
Checks if the host is vulnerable to Cross-Site Tracing (XST)
Metasploit
HTTP Options Detection
Display available HTTP options for each system
No writeups or analysis indexed.
References
http://secunia.com/advisories/17334
http://securitytracker.com/id?1015112
http://sunsolve.sun.com/search/document.do?assetkey=1-26-102016-1
http://www.securityfocus.com/bid/15222
http://www.vupen.com/english/advisories/2005/2226
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1445