Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Sun ONE/iPlanet Web Server HTTP TRACE信息窃取漏洞
Vulnerability Description
Sun ONE/iPlanet是Sun公司推出的智能Web服务的软件组合系统,其中包含Sun ONE统一开发服务器,Sun ONE应用服务器可安装在Windows和Unix操作系统上。 Sun ONE/iPlanet对HTTP TRACE请求处理存在问题,远程攻击者可以利用这个漏洞窃取一些基于验证的如COOKIE等敏感信息 。问题是由于Sun ONE/iPlanet默认情况下对HTTP TRACE请求的应答处理不正确,结合跨站脚本问题及使用HTTP TRACE方法对Sun ONE/iPlanet服务器进行
CVSS Information
N/A
Vulnerability Type
N/A