Lucene search
HistoryDec 31, 2004 - 5:00 a.m.
CVE-2004-2320
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6 Medium
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
77.8%
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
Affected configurations
Node
beaweblogic_serverMatch5.1express
ORbeaweblogic_serverMatch5.1win32
ORbeaweblogic_serverMatch5.1sp1
ORbeaweblogic_serverMatch5.1sp1express
ORbeaweblogic_serverMatch5.1sp1win32
ORbeaweblogic_serverMatch5.1sp10
ORbeaweblogic_serverMatch5.1sp10express
ORbeaweblogic_serverMatch5.1sp10win32
ORbeaweblogic_serverMatch5.1sp11
ORbeaweblogic_serverMatch5.1sp11express
ORbeaweblogic_serverMatch5.1sp11win32
ORbeaweblogic_serverMatch5.1sp12
ORbeaweblogic_serverMatch5.1sp12express
ORbeaweblogic_serverMatch5.1sp12win32
ORbeaweblogic_serverMatch5.1sp13
ORbeaweblogic_serverMatch5.1sp13express
ORbeaweblogic_serverMatch5.1sp13win32
ORbeaweblogic_serverMatch5.1sp2
ORbeaweblogic_serverMatch5.1sp2express
ORbeaweblogic_serverMatch5.1sp2win32
ORbeaweblogic_serverMatch5.1sp3
ORbeaweblogic_serverMatch5.1sp3express
ORbeaweblogic_serverMatch5.1sp3win32
ORbeaweblogic_serverMatch5.1sp4
ORbeaweblogic_serverMatch5.1sp4express
ORbeaweblogic_serverMatch5.1sp4win32
ORbeaweblogic_serverMatch5.1sp5
ORbeaweblogic_serverMatch5.1sp5express
ORbeaweblogic_serverMatch5.1sp5win32
ORbeaweblogic_serverMatch5.1sp6
ORbeaweblogic_serverMatch5.1sp6express
ORbeaweblogic_serverMatch5.1sp6win32
ORbeaweblogic_serverMatch5.1sp7
ORbeaweblogic_serverMatch5.1sp7express
ORbeaweblogic_serverMatch5.1sp7win32
ORbeaweblogic_serverMatch5.1sp8
ORbeaweblogic_serverMatch5.1sp8express
ORbeaweblogic_serverMatch5.1sp8win32
ORbeaweblogic_serverMatch5.1sp9
ORbeaweblogic_serverMatch5.1sp9express
ORbeaweblogic_serverMatch5.1sp9win32
ORbeaweblogic_serverMatch6.1
ORbeaweblogic_serverMatch6.1express
ORbeaweblogic_serverMatch6.1win32
ORbeaweblogic_serverMatch6.1sp1
ORbeaweblogic_serverMatch6.1sp1express
ORbeaweblogic_serverMatch6.1sp1win32
ORbeaweblogic_serverMatch6.1sp2
ORbeaweblogic_serverMatch6.1sp2express
ORbeaweblogic_serverMatch6.1sp2win32
ORbeaweblogic_serverMatch6.1sp3
ORbeaweblogic_serverMatch6.1sp3express
ORbeaweblogic_serverMatch6.1sp3win32
ORbeaweblogic_serverMatch6.1sp4
ORbeaweblogic_serverMatch6.1sp4express
ORbeaweblogic_serverMatch6.1sp4win32
ORbeaweblogic_serverMatch6.1sp5
ORbeaweblogic_serverMatch6.1sp5express
ORbeaweblogic_serverMatch6.1sp5win32
ORbeaweblogic_serverMatch6.1sp6
ORbeaweblogic_serverMatch6.1sp6win32
ORbeaweblogic_serverMatch7.0
ORbeaweblogic_serverMatch7.0express
ORbeaweblogic_serverMatch7.0win32
ORbeaweblogic_serverMatch7.0sp1
ORbeaweblogic_serverMatch7.0sp1express
ORbeaweblogic_serverMatch7.0sp1win32
ORbeaweblogic_serverMatch7.0sp2
ORbeaweblogic_serverMatch7.0sp2express
ORbeaweblogic_serverMatch7.0sp2win32
ORbeaweblogic_serverMatch7.0sp3
ORbeaweblogic_serverMatch7.0sp3express
ORbeaweblogic_serverMatch7.0sp3win32
ORbeaweblogic_serverMatch7.0sp4
ORbeaweblogic_serverMatch7.0sp4express
ORbeaweblogic_serverMatch7.0sp4win32
ORbeaweblogic_serverMatch8.1
ORbeaweblogic_serverMatch8.1express
ORbeaweblogic_serverMatch8.1win32
ORbeaweblogic_serverMatch8.1sp1
ORbeaweblogic_serverMatch8.1sp1express
ORbeaweblogic_serverMatch8.1sp1win32
ORbeaweblogic_serverMatch8.1sp2
ORbeaweblogic_serverMatch8.1sp2express
ORbeaweblogic_serverMatch8.1sp2win32
Related
cve
cve
CVE-2004-2320
2005-08-16 04:00:00
CVE-2007-3008
2007-06-04 17:30:00
nessus
nessus
WebLogic < 8.1 SP3 Multiple Vulnerabilities
2004-09-14 00:00:00
HTTP TRACE / TRACK Methods Allowed
2003-01-23 00:00:00
HTTP Reverse Proxy Detection (Deprecated)
2002-07-02 00:00:00
cvelist
cvelist
CVE-2004-2320
2005-08-16 04:00:00
CVE-2007-3008
2007-06-04 17:00:00
redhatcve
redhatcve
CVE-2004-2320
2015-10-30 09:39:58
CVE-2007-3008
2015-10-30 09:28:33
openvas
openvas
http TRACE XSS attack
2005-11-03 00:00:00
Buffalo Buffalo LS210D < 1.82 Multiple Vulnerabilities
2024-05-17 00:00:00
HTTP Debugging Methods (TRACE/TRACK) Enabled
2005-11-03 00:00:00
prion
prion
Cross site scripting
2007-06-04 17:30:00
nvd
nvd
CVE-2007-3008
2007-06-04 17:30:00
f5
f5
K15904 : Multiple third-party application-server vulnerabilities
2014-12-11 00:00:00
SOL15904 - Multiple third-party application-server vulnerabilities
2014-12-11 00:00:00
pentestpartners
pentestpartners
Vulnerabilities that arenβt. Cross Site Tracing / XST
2022-01-25 06:08:46
5.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:P/A:N
6 Medium
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
77.8%
Related for NVD:CVE-2004-2320