This host has Sun Java System Application Server running which is prone to Cross Site Tracing vulnerability.

Successful exploitation lets the attackers to to get sensitive information, such as cookies or authentication data, contained in the HTTP headers. Impact Level: Application

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. A Workaround is final resolution to this issue, for details refer http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1 ***** NOTE : Ignore this warning, if above workaround has been applied. *****

An error exists while processing HTTP TRACE method and returns contents of clients HTTP requests in the entity-body of the TRACE response. An attacker can use this behavior to access sensitive information, such as cookies or authentication data, contained in the HTTP headers of the request.

Sun Java System Application Server Standard Edition 7 and later updates Sun Java System Application Server Standard Edition 7 2004Q2 and later updates

• http://www.kb.cert.org/vuls/id/867593

---

Updated on 2017-03-28