← voltar
CVE-2004-2320

CVE-2004-2320

CVSS 5.3 MEDIUMEPSS 2.6%CWE-200
Vexday Risk Score
13Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 5.3EPSS 2.6%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
16 ago 2005Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Produtos afetados
n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
http://dev2dev.bea.com/pub/advisory/68http://secunia.com/advisories/10726https://exchange.xforce.ibmcloud.com/vulnerabilities/14959http://www.kb.cert.org/vuls/id/867593http://www.osvdb.org/3726http://www.securityfocus.com/bid/9506http://www.securitytracker.com/alerts/2004/Jan/1008866.html