Summary
This host is running Sun Java System Application Server, which is prone to a Cross Site Tracing (XST) vulnerability.
Impact
Successful exploitation lets an attacker obtain sensitive information, such as cookies or authentication data, contained in the HTTP headers of a victim's request.
Impact Level: Application
Solution
No patch was made available for at least one year after disclosure of this vulnerability, and none is likely to be provided.
General solution options are to upgrade to a newer release, disable the respective features (here, the HTTP TRACE method), remove the product, or replace it with another product.
A workaround is the final resolution for this issue; for details refer to http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1
NOTE: Ignore this warning if the above workaround has been applied and a TRACE request to the server no longer returns a 200 response echoing the request.
Insight
The server implements the HTTP TRACE method and echoes the client's request, including all request headers, in the entity body of the TRACE response. TRACE is a diagnostic feature, but an attacker who can run script in the victim's browser (for example via a cross-site scripting flaw, or via a browser plugin or legacy XMLHttpRequest implementation that allows cross-domain TRACE requests) can issue a TRACE request and read the reflected headers, gaining access to cookies (including those flagged HttpOnly, which script cannot otherwise read) and HTTP authentication credentials carried in the Authorization header. Current browsers refuse to send TRACE from fetch() or XMLHttpRequest, which limits exploitation from a stock browser, but the method still reveals request headers to anyone who can reach the server and should be disabled.
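The following is an added example, not code from the advisory or from Sun, showing how a scanner decides that TRACE is reflected: it sends a TRACE request carrying a random marker header and cookie, then checks that the response is a 200 whose body starts with the echoed TRACE request line and contains the marker. The header name X-Xst-Probe, the probe cookie, and the sample responses are constructed for this example; a generic 200 error page that merely mentions the marker is deliberately not counted as reflection.

```python
"""Detect HTTP TRACE reflection (Cross Site Tracing, XST).

Added example for this advisory, not Sun's or the scanner's own code.
Assumed/hypothetical: the X-Xst-Probe header name, the probe cookie value
and the sample response bodies below are all constructed for illustration.
"""
import http.client
import secrets

MARKER_HEADER = "X-Xst-Probe"  # arbitrary marker header (assumption)


def is_trace_reflected(status: int, body: str, marker: str) -> bool:
    """Return True when a TRACE response echoes the request that produced it.

    Three conditions are required so that an ordinary 200 page is not a
    false positive: status 200, the first body line is the echoed TRACE
    request line, and the unique marker we sent comes back in the body.
    """
    if status != 200:
        return False
    first_line = body.split("\n", 1)[0].strip()
    if not first_line.upper().startswith("TRACE "):
        return False
    return marker in body


def reflected_headers(body: str) -> dict:
    """Parse the echoed request in a reflected TRACE body into a header dict.

    This is what an attacker reads back: every request header, including
    Cookie and Authorization, which browser script otherwise cannot access.
    """
    headers = {}
    lines = body.replace("\r\n", "\n").split("\n")
    for line in lines[1:]:  # lines[0] is the echoed request line
        if not line.strip():
            break  # blank line terminates the echoed header block
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def probe_trace(host: str, port: int = 80, path: str = "/", timeout: float = 5.0) -> bool:
    """Send one TRACE request with a random marker and report whether it is reflected.

    Live network check (not run by the offline tests); use HTTPSConnection for TLS.
    Only probe hosts you are authorized to test.
    """
    marker = secrets.token_hex(8)
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("TRACE", path,
                     headers={MARKER_HEADER: marker, "Cookie": "probe=" + marker})
        resp = conn.getresponse()
        body = resp.read().decode("latin-1", "replace")
        return is_trace_reflected(resp.status, body, marker)
    finally:
        conn.close()


# Constructed sample responses (not captured from a real server).
SAMPLE_MARKER = "deadbeefcafef00d"
VULNERABLE_BODY = "\r\n".join([
    "TRACE / HTTP/1.1",
    "Host: appserver.example",
    f"Cookie: JSESSIONID=1A2B3C; probe={SAMPLE_MARKER}",
    "Authorization: Basic dXNlcjpwYXNz",
    f"{MARKER_HEADER}: {SAMPLE_MARKER}",
    "",
    "",
])
HARDENED_BODY = "<html><body>405 Method Not Allowed</body></html>"  # TRACE disabled


if __name__ == "__main__":
    print("vulnerable sample reflected:", is_trace_reflected(200, VULNERABLE_BODY, SAMPLE_MARKER))
    print("hardened sample reflected:", is_trace_reflected(405, HARDENED_BODY, SAMPLE_MARKER))
    print("leaked headers:", reflected_headers(VULNERABLE_BODY))
```

After applying the vendor workaround, running probe_trace against the server should return False (typically the server answers 405 or 501 instead of 200 with an echoed request); a True result means the TRACE method is still enabled and the finding still applies.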
Affected
Sun Java System Application Server Standard Edition 7 and later updates
Sun Java System Application Server Standard Edition 7 2004Q2 and later updates
References
CVE: CVE-2010-0386
Vendor advisory: http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1
Updated on 2017-03-28
Severity
CVSS Base Score: 4.3 (Medium)
CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
- Apache OFBiz Multiple Cross Site Scripting Vulnerabilities
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
- AjaXplorer Remote Command Injection and Local File Disclosure Vulnerabilities
- Apache Struts2 showcase namespace XSS Vulnerability