Lucene search

[email protected]CVE-2005-3398

HistoryNov 01, 2005 - 12:47 p.m.

CVE-2005-3398

2005-11-0112:47:00

CWE-200

[email protected]

web.nvd.nist.gov

372

solaris management console

solaris 8

solaris 9

solaris 10

http trace method

remote attackers

sensitive information

nvd

cve-2005-3398

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.5%

JSON

The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.

CPENameOperatorVersion
sun:sunossun sunoseq5.8
sun:solarissun solariseq10.0
sun:solarissun solariseq9.0

CPE	Name	Operator	Version
sun:sunos	sun sunos	eq	5.8
sun:solaris	sun solaris	eq	10.0
sun:solaris	sun solaris	eq	9.0

References

secunia.com/advisories/17334

securitytracker.com/id?1015112

sunsolve.sun.com/search/document.do?assetkey=1-26-102016-1

www.securityfocus.com/bid/15222

www.vupen.com/english/advisories/2005/2226

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1445

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.008 Low

EPSS

Percentile

81.5%

JSON

Related for CVE-2005-3398

openvas5 nessus5 cve3 prion3 redhatcve1 f52 pentestpartners1