CVE-2010-0386

Summary

CVE	CVE-2010-0386
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2010-01-25 19:30:00 UTC
Updated	2010-01-31 05:00:00 UTC
Description	The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

Risk And Classification

Problem Types: CWE-16

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Application	Sun	Java System Application Server	7.0	All	All	All
Application	Sun	Java System Application Server	7.0	All	platform	All
Application	Sun	Java System Application Server	7.0	All	standard	All
Application	Sun	Java System Application Server	7.0	All	All	All
Application	Sun	Java System Application Server	7.0	All	platform	All
Application	Sun	Java System Application Server	7.0	All	standard	All

References

Reference	Source	Link	Tags
#200942: Security Vulnerability With The HTTP TRACE Functionality in Sun Java System Application Server	SUNALERT	sunsolve.sun.com	Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

296059 Oracle Solaris 11.4 Support Repository Update (SRU) 36.0.1.101.2 Missing (CPUJUL2021)
296060 Oracle Solaris 11.4 Support Repository Update (SRU) 37.0.1.101.1 Missing (CPUJUL2021)