127 matches found
CVE-2008-7253
The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing XST attack, a related issue to CVE-2004-2763 and...
CVE-2010-0386
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing XST attack, a related issue to CVE-2004-2763 and CVE-2005-3398...
CVE-2008-7253
The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing XST attack, a related issue to CVE-2004-2763 and...
CVE-2010-0386
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing XST attack, a related issue to CVE-2004-2763 and CVE-2005-3398...
CVE-2010-0386
CVE-2010-0386 affects Sun Java System Application Server 7 and 7 2004Q2. The default config enables HTTP TRACE, enabling remote attackers to steal cookies and authentication credentials via cross-site tracing (XST); related to CVE-2004-2763 and CVE-2005-3398. The connected documents provide the v...
CVE-2008-7253
The CVE-2008-7253 entry describes a vulnerability in IBM Lotus Domino Server where the default web server configuration enables the HTTP TRACE method (potentially in Domino Server versions 6.0–8.0). This enables an XST-style exposure that could allow remote attackers to steal cookies and authenti...
Design/Logic Flaw
Sun Java System Web Server aka SJWS 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap...
CVE-2010-0360
Sun Java System Web Server aka SJWS 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap...
CVE-2010-0360
The Sun Java System Web Server 7.0 Update 7 contains a heap-based memory overflow in the HTTP TRACE path. Specifically, a malformed TRACE request with a long URI and many empty headers can cause heap corruption and expose memory contents, enabling remote attackers to overwrite and read heap memor...
CVE-2010-0360
Sun Java System Web Server aka SJWS 7.0 Update 7 allows remote attackers to overwrite memory locations in the heap, and discover the contents of memory locations, via a malformed HTTP TRACE request that includes a long URI and many empty headers, related to an "overflow." NOTE: this might overlap...
Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)
Check for the Version of apache-conf OpenVAS Vulnerability Test Mandriva Update for apache-conf MDVSA-2009:300-2 apache-conf Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Cross site scripting
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting XSS attacks via unspecified web client software...
CVE-2009-2823
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting XSS attacks via unspecified web client software...
CVE-2009-2823
CVE-2009-2823 affects Apache HTTP Server on Mac OS X prior to 10.6.2, where TRACE was enabled by default. This allows remote attackers to perform cross-site scripting (XSS) via unspecified web client software. The vulnerability is documented in vendor advisories (Apple/Mac OS X update) and is rei...
CVE-2004-2763
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing XST attacks in applications that are vulnerable to cross-site scripting...
CVE-2004-2763
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing XST attacks in applications that are vulnerable to cross-site scripting...
HTTP Options Detection
Display available HTTP options for each system This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'HTTP Options Detection', 'Description' = 'Display available HTTP options for each system', 'Author...
CVE-2003-1567
The CVE-2003-1567 issue concerns the undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0, which reportedly echoes parts of the original request back in the response body. This behavior could allow remote attackers to read sensitive information from HTTP headers, includi...
SOL2452 - Vulnerabilities in the HTTP TRACE method - VU#867593
Note: Versions that are not listed in this Solution have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to SOL4602: Overview of F5 security vulnerability respons...
http-trace NSE Script
Sends an HTTP TRACE request and shows if the method TRACE is enabled. If debug is enabled, it returns the header fields that were modified in the response. Script Arguments http-trace.path Path to URI slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size,...