
73 matches found

securityvulns
added 2012/01/09 12:0 a.m. | 125 views

NGS00106 Technical Advisory: Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability

======= Summary ======= Name: Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability Release Date: 5 January 2012 Reference: NGS00106 Discoverer: David Spencer Vendor: Oracle Vendor Reference: Systems Affecte...

CVSS 6.4 | AI score 6.7 | EPSS 0.14646
Exploits: 7

Packet Storm
added 2012/01/05 12:0 a.m. | 42 views

Oracle GlassFish Server Administration Bypass

======= Summary ======= Name: Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass Vulnerability Release Date: 5 January 2012 Reference: NGS00106 Discoverer: David Spencer Vendor: Oracle Vendor Reference: Systems Affected: Oracle GlassFish Server 2...

CVSS 6.4 | AI score 0.4 | EPSS 0.14646
Exploits: 7

OpenVAS
added 2011/12/02 12:0 a.m. | 69 views

Mbedthis AppWeb HTTP TRACE Method Cross-Site Scripting Vulnerability

The host is running Mbedthis AppWeb Server and is prone to cross site scripting vulnerability. OpenVAS Vulnerability Test $Id: gbmbedthiswebapphttptracemethodxssvuln.nasl 7052 2017-09-04 11:50:51Z teissa $ Mbedthis AppWeb HTTP TRACE Method Cross-Site Scripting Vulnerability Authors: Rachana Shett...

CVSS 4.3 | AI score 6.2 | EPSS 0.01454
Exploits: 2 | References: 4

OpenVAS
added 2011/05/26 12:0 a.m. | 20 views

Oracle Java GlassFish Server Security Bypass Vulnerability (May 2011)

Oracle GlassFish Server is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.4 | AI score 6.1 | EPSS 0.14646
Exploits: 7 | References: 2

Tenable Nessus
added 2011/05/05 12:0 a.m. | 43 views

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)

Icedtea included in java-1_6_0-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflecti...

CVSS 10 | AI score 7.8 | EPSS 0.87264
Exploits: 14 | References: 20

Tenable Nessus
added 2011/05/05 12:0 a.m. | 36 views

openSUSE Security Update : java-1_6_0-openjdk (openSUSE-SU-2010:0957-1)

Icedtea included in java-1_6_0-openjdk was updated to version 1.7.5/1.8.2/1.9.1 to fix several security issues : - S6914943, CVE-2009-3555: TLS: MITM attacks via session renegotiation - S6559775, CVE-2010-3568: OpenJDK Deserialization Race condition - S6891766, CVE-2010-3554: OpenJDK corba reflecti...

CVSS 10 | AI score 7.8 | EPSS 0.87264
Exploits: 14 | References: 20

OpenVAS
added 2010/02/08 12:0 a.m. | 31 views

Sun Java System Application Server Cross-Site Tracing Vulnerability

Sun Java System Application Server is prone to a cross-site tracing vulnerability. SPDX-FileCopyrightText: 2010 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 8.1 | AI score 6.2 | EPSS 0.01692
Exploits: 0 | References: 2

Prion
added 2010/01/25 7:30 p.m. | 25 views

Design/Logic Flaw

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and...

CVSS 4.3 | AI score 6.7 | EPSS 0.13108
Exploits: 3 | References: 4 | Affected Software: 1

NVD
added 2010/01/25 7:30 p.m. | 23 views

CVE-2008-7253

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and...

CVSS 4.3 | AI score 6.5 | EPSS 0.02093
Exploits: 2 | References: 4

CVE
added 2010/01/25 7:0 p.m. | 437 views

CVE-2010-0386

CVE-2010-0386 affects Sun Java System Application Server 7 and 7 2004Q2. The default config enables HTTP TRACE, enabling remote attackers to steal cookies and authentication credentials via cross-site tracing (XST); related to CVE-2004-2763 and CVE-2005-3398. The connected documents provide the v...

CVSS 8.1 | AI score 6.2 | EPSS 0.01692
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2010/01/25 7:0 p.m. | 93 views

CVE-2010-0386

The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398...

AI score 6.5 | EPSS 0.01692
Exploits: 0 | References: 1

Cvelist
added 2010/01/25 7:0 p.m. | 95 views

CVE-2008-7253

The default configuration of the web server in IBM Lotus Domino Server, possibly 6.0 through 8.0, enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and...

AI score 6.4 | EPSS 0.02093
Exploits: 2 | References: 4

OpenVAS
added 2010/01/15 12:0 a.m. | 33 views

Mandriva Update for apache-conf MDVSA-2009:300-2 (apache-conf)

Check for the Version of apache-conf OpenVAS Vulnerability Test Mandriva Update for apache-conf MDVSA-2009:300-2 apache-conf Authors: System Generated Check Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...

CVSS 4.3 | AI score 0.1 | EPSS 0.01684
Exploits: 1 | References: 2

Prion
added 2009/11/10 7:30 p.m. | 14 views

Cross site scripting

The Apache HTTP Server in Apple Mac OS X before 10.6.2 enables the HTTP TRACE method, which allows remote attackers to conduct cross-site scripting (XSS) attacks via unspecified web client software...

CVSS 4.3 | AI score 5.6 | EPSS 0.01684
Exploits: 1 | References: 5 | Affected Software: 2

Nmap
added 2008/11/06 2:52 a.m. | 451 views

http-trace NSE Script

Sends an HTTP TRACE request and shows if the method TRACE is enabled. If debug is enabled, it returns the header fields that were modified in the response. Script Arguments http-trace.path Path to URI slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size,...

CVSS 10 | AI score 0.1 | EPSS 0.99448
Exploits: 33

Prion
added 2007/06/04 5:30 p.m. | 19 views

Cross site scripting

Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398...

CVSS 4.3 | AI score 6.4 | EPSS 0.13108
Exploits: 2 | References: 6 | Affected Software: 1

NVD
added 2007/06/04 5:30 p.m. | 23 views

CVE-2007-3008

Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398...

CVSS 4.3 | AI score 6.1 | EPSS 0.01454
Exploits: 2 | References: 6

CVE
added 2007/06/04 5:0 p.m. | 121 views

CVE-2007-3008

CVE-2007-3008 affects Mbedthis AppWeb prior to 2.2.2. The vulnerability is that HTTP TRACE is enabled, which can lead to information leakage and cross-site tracing (XST) concerns. This entry is corroborated by related advisories in the connected documents, which note the TRACE method as the root ...

CVSS 4.3 | AI score 6.2 | EPSS 0.01454
Exploits: 2 | References: 6 | Affected Software: 1

Tenable Nessus
added 2007/03/26 12:0 a.m. | 22 views

FreeBSD : Squid -- TRACE method handling denial of service (c27bc173-d7aa-11db-b141-0016179b2dd5)

Squid advisory 2007:1 notes : Due to an internal error Squid-2.6 is vulnerable to a denial of service attack when processing the TRACE request method. Workarounds : To work around the problem deny access to using the TRACE method by inserting the following two lines before your first http_access...

CVSS 5 | AI score 5.3 | EPSS 0.27452
Exploits: 0 | References: 3

securityvulns
added 2007/03/24 12:0 a.m. | 27 views

squid cache proxy DoS

DoS on processing TRACE method...

CVSS 5 | AI score 2.3 | EPSS 0.27452
Exploits: 0 | References: 1 | Affected Software: 1