71 matches found
TRACE
CVE-2010-0386
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398...
EUVD-2011-5025
Malware in sbrugna...
EUVD-2005-4865
Malware in sbrugna...
EUVD-2010-0417
Malware in sbrugna...
EUVD-2012-2217
Malware in sbrugna...
EUVD-2008-7209
Malware in sbrugna...
CVE-2011-5125
Cross-site scripting (XSS) vulnerability in Blue Coat Director before 5.5.2.3 allows remote attackers to inject arbitrary web script or HTML via vectors involving the HTTP TRACE method...
CVE-2008-7253
The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and...
Information Disclosure
trafficserver is vulnerable to Information Disclosure. The vulnerability allows an unauthorized malicious attacker to gain access to network information using the trace method within trafficserver...
K2452: Vulnerabilities in the HTTP TRACE method - VU#867593
Security Advisory Description. Note: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to K4602: Overview of the F...
K15904: Multiple third-party application-server vulnerabilities
Security Advisory Description. CVE-2003-1418: Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote attackers to obtain sensitive information via (1) the ETag header, which reveals the inode number, or (2) multipart MIME boundary, which reveals child process IDs (PID). CVE-2004-2320: The...
SUSE CVE-2009-2823
The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software...
SUSE CVE-2010-0386
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398...
CVE-2022-38115
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT...
Mozilla: Cross-Site Tracing was possible via non-standard override headers
The Mozilla Foundation Security Advisory describes this flaw as: Cross-Site Tracing occurs when a server will echo a request back via the Trace method, allowing an XSS attack to access authorization headers and cookies inaccessible to JavaScript such as cookies protected by HTTPOnly. To mitiga...
Security Bulletin: HTTP Trace Method is enabled
Summary HTTP Trace Method is enabled Vulnerability Details Third Party Entry: PSIRT-ADV0017246 DESCRIPTION: Created from Advisory: ADV0017246 CVSS Base score: 5.3 CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products and Versions Affected Products| Versions ---|--- UCD - IBM...
CVE-2018-2502
CVE-2018-2502 affects SAP Business One Service Layer (B1_ON_HANA) with TRACE method enabled, enabling potential Cross Site Tracing (XST) when frontend applications expose an XSS vulnerability. The connected documents specify the vulnerable component as SAP Business One Service Layer and reference...
CVE-2018-2502
The TRACE method is enabled in SAP Business One Service Layer. An attacker can use an XST (Cross Site Tracing) attack if frontend applications that use the Service Layer have an XSS vulnerability. This has been fixed in SAP Business One Service Layer B1ONHANA, versions 9.2, 9.3...
Spring Framework Cross-Site Tracking Vulnerability
Pivotal Spring Framework is an open source Java and Java EE application framework from the US company Pivotal Software. The framework helps developers build high-quality applications. A security vulnerability exists in Pivotal Spring Framework versions 5.0.x prior to 5.0.7, 4.3.x prior to 4.3.1...