46 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method...
CVE-2011-5125
Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method...
CVE-2012-2223
The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors...
CVE-2012-2223
The xplat agent in Novell ZENworks Configuration Management (ZCM) 10.3.x before 10.3.4 and 11.x before 11.2 enables the HTTP TRACE method, which might make it easier for remote attackers to conduct cross-site tracing (XST) attacks via unspecified vectors...
Novell ZENworks Configuration Management 10.3 < 10.3.4 Multiple Vulnerabilities
ZENworks Configuration Management, configuration management software from Novell, is installed on the remote Windows host. According to its version, it is affected by several vulnerabilities: - An unspecified vulnerability with regards to the HTTP TRACE method. - An unspecified vulnerability wit...
Mbedthis AppWeb HTTP TRACE Method Cross-Site Scripting Vulnerability
The host is running Mbedthis AppWeb Server and is prone to a cross-site scripting vulnerability. OpenVAS Vulnerability Test $Id: gbmbedthiswebapphttptracemethodxssvuln.nasl 7052 2017-09-04 11:50:51Z teissa $ Mbedthis AppWeb HTTP TRACE Method Cross-Site Scripting Vulnerability Authors: Rachana Shett...
Sun Java System Application Server Cross-Site Tracing Vulnerability
Sun Java System Application Server is prone to a cross-site tracing vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Design/Logic Flaw
The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and...
CVE-2008-7253
The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and...
CVE-2010-0386
CVE-2010-0386 affects Sun Java System Application Server 7 and 7 2004Q2. The default config enables HTTP TRACE, enabling remote attackers to steal cookies and authentication credentials via cross-site tracing (XST); related to CVE-2004-2763 and CVE-2005-3398. The connected documents provide the v...
CVE-2010-0386
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398...
CVE-2008-7253
The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and...
Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
Check for the Version of apache-conf OpenVAS Vulnerability Test Mandriva Update for apache-conf MDVSA-2009:300-2 apache-conf Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Cross site scripting
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software...
Cross site scripting
Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398...
CVE-2007-3008
Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398...
CVE-2007-3008
CVE-2007-3008 affects Mbedthis AppWeb prior to 2.2.2. The vulnerability is that HTTP TRACE is enabled, which can lead to information leakage and cross-site tracing (XST) concerns. This entry is corroborated by related advisories in the connected documents, which note the TRACE method as the root ...
CVE-2005-4874
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object...
CVE-2005-4874
The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object...
CVE-2005-3398
CVE-2005-3398 relates to the Solaris Management Console web server in Solaris 8/9/10 where the HTTP TRACE method is enabled by default. The effect is potential cross-site tracing information leakage (e.g., cookies or headers) through TRACE requests. Connected docs confirm the TRACE issue as a rec...