Lucene search
HistoryApr 11, 2012 - 10:39 a.m.
CVE-2012-2223
novell
zenworks
configuration management
zcm
vulnerability
cve-2012-2223
xst
http trace
6.7 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
77.4%
The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors.
Affected configurations
Node
novellzenworks_configuration_managementMatch10.3
ORnovellzenworks_configuration_managementMatch10.3.1
ORnovellzenworks_configuration_managementMatch10.3.2
ORnovellzenworks_configuration_managementMatch10.3.3
ORnovellzenworks_configuration_managementMatch11
ORnovellzenworks_configuration_managementMatch11.1
ORnovellzenworks_configuration_managementMatch11.1a
Related
nvd
nvd
CVE-2012-2223
2012-04-11 10:39:27
cvelist
cvelist
CVE-2012-2223
2012-04-11 10:00:00
prion
prion
Cross site scripting
2012-04-11 10:39:00
nessus
nessus
openvas
openvas
HTTP Debugging Methods (TRACE/TRACK) Enabled
2005-11-03 00:00:00
6.7 Medium
AI Score
Confidence
Low
4.3 Medium
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
77.4%
Related for CVE-2012-2223