Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | |||
CVE ID: | CVE-2004-2320 |
Description: | The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. |
Test IDs: | 1.3.6.1.4.1.25623.1.0.11213 1.3.6.1.4.1.25623.1.0.55447 |
Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2004-2320 http://dev2dev.bea.com/pub/advisory/68 BugTraq ID: 9506 http://www.securityfocus.com/bid/9506 CERT/CC vulnerability note: VU#867593 http://www.kb.cert.org/vuls/id/867593 http://www.osvdb.org/3726 http://www.securitytracker.com/alerts/2004/Jan/1008866.html http://secunia.com/advisories/10726 XForce ISS Database: weblogic-trace-xss(14959) https://exchange.xforce.ibmcloud.com/vulnerabilities/14959 |