Lucene search

[email protected]CVE-2010-0386

HistoryJan 25, 2010 - 7:30 p.m.

CVE-2010-0386

2010-01-2519:30:00

CWE-16

[email protected]

web.nvd.nist.gov

355

cve-2010-0386

sun java system application server

http trace method

remote attackers

authentication credentials

cross-site tracing (xst) attack

nvd

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.9%

JSON

The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

CPENameOperatorVersion
sun:java_system_application_serversun java system application servereq7.0

CPE	Name	Operator	Version
sun:java_system_application_server	sun java system application server	eq	7.0

References

sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1

6.1 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.003 Low

EPSS

Percentile

67.9%

JSON

Related for CVE-2010-0386

prion3 checkpoint_advisories1 openvas7 f52 cve4 nessus6 pentestpartners1 redhatcve1