{"api_version":"1","generated_at":"2026-05-13T02:11:25+00:00","cve":"CVE-2004-2320","urls":{"html":"https://cve.report/CVE-2004-2320","api":"https://cve.report/api/cve/CVE-2004-2320.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2004-2320","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2004-2320"},"summary":{"title":"CVE-2004-2320","description":"The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.","state":"PUBLISHED","assigner":"mitre","published_at":"2004-12-31 05:00:00","updated_at":"2025-04-03 01:03:51"},"problem_types":["CWE-200","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.kb.cert.org/vuls/id/867593","name":"http://www.kb.cert.org/vuls/id/867593","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","US Government Resource"],"title":"Vulnerability Note VU#867593 - Web servers enable HTTP TRACE method by default","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.osvdb.org/3726","name":"http://www.osvdb.org/3726","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"-1","archivestatus":"0"},{"url":"http://secunia.com/advisories/10726","name":"http://secunia.com/advisories/10726","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"],"title":"Secunia - Advisories - BEA WebLogic HTTP TRACE Response Cross-Site Scripting Issue","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14959","name":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14959","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"IBM X-Force Exchange","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.securityfocus.com/bid/9506","name":"http://www.securityfocus.com/bid/9506","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"WebLogic Server and Express HTTP TRACE Credential Theft Vulnerability","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"http://www.securitytracker.com/alerts/2004/Jan/1008866.html","name":"http://www.securitytracker.com/alerts/2004/Jan/1008866.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"],"title":"SecurityTracker.com Archives - WebLogic Server and Express Input Validation Flaw in Processing HTTP TRACE Requests Permits Cross-Site Scripting","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://dev2dev.bea.com/pub/advisory/68","name":"http://dev2dev.bea.com/pub/advisory/68","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Vendor Advisory"],"title":"Patches available to prevent compromise of user accounts","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2004-2320","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2004-2320","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"*","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"*","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp1","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp1","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp10","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp10","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp11","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp11","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp11","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp12","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp12","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp12","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp13","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp13","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp13","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp2","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp2","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp3","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp3","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp4","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp4","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp5","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp5","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp6","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp6","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp7","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp7","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp8","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp8","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp8","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp9","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp9","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"5.1","cpe7":"sp9","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"*","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"*","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp1","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp1","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp2","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp2","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp3","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp3","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp4","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp4","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp5","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp5","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"6.1","cpe7":"sp6","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"7.0","cpe7":"*","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"7.0","cpe7":"*","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"7.0","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"7.0","cpe7":"sp1","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"7.0","cpe7":"sp1","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"7.0","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"7.0","cpe7":"sp2","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"7.0","cpe7":"sp2","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"7.0","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"7.0","cpe7":"sp3","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"7.0","cpe7":"sp3","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"7.0","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"7.0","cpe7":"sp4","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"7.0","cpe7":"sp4","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"8.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"8.1","cpe7":"*","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"8.1","cpe7":"*","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"8.1","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"8.1","cpe7":"sp1","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"8.1","cpe7":"sp1","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"8.1","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"8.1","cpe7":"sp2","cpe8":"express","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2320","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"bea","cpe5":"weblogic_server","cpe6":"8.1","cpe7":"sp2","cpe8":"win32","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[{"cvename":"CVE-2004-2320","organization":"Red Hat","lastmodified":"2008-03-05","contributor":"Joshua Bressers","statementText":"The Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required. For more information please see: http://www.apacheweek.com/issues/03-01-24#news","cve_year":"2004","cve_id":"2320","crc32":"2a23d007"}],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2004-2320","qid":"296059","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 36.0.1.101.2 Missing (CPUJUL2021)"},{"cve":"CVE-2004-2320","qid":"296060","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 37.0.1.101.1 Missing (CPUJUL2021)"}]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T01:22:13.662Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"weblogic-trace-xss(14959)","tags":["vdb-entry","x_refsource_XF","x_transferred"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14959"},{"name":"VU#867593","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/867593"},{"name":"BEA04-48.01","tags":["vendor-advisory","x_refsource_BEA","x_transferred"],"url":"http://dev2dev.bea.com/pub/advisory/68"},{"name":"9506","tags":["vdb-entry","x_refsource_BID","x_transferred"],"url":"http://www.securityfocus.com/bid/9506"},{"name":"10726","tags":["third-party-advisory","x_refsource_SECUNIA","x_transferred"],"url":"http://secunia.com/advisories/10726"},{"name":"1008866","tags":["vdb-entry","x_refsource_SECTRACK","x_transferred"],"url":"http://www.securitytracker.com/alerts/2004/Jan/1008866.html"},{"name":"3726","tags":["vdb-entry","x_refsource_OSVDB","x_transferred"],"url":"http://www.osvdb.org/3726"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2004-01-27T00:00:00.000Z","descriptions":[{"lang":"en","value":"The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2017-07-10T14:57:01.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"weblogic-trace-xss(14959)","tags":["vdb-entry","x_refsource_XF"],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14959"},{"name":"VU#867593","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/867593"},{"name":"BEA04-48.01","tags":["vendor-advisory","x_refsource_BEA"],"url":"http://dev2dev.bea.com/pub/advisory/68"},{"name":"9506","tags":["vdb-entry","x_refsource_BID"],"url":"http://www.securityfocus.com/bid/9506"},{"name":"10726","tags":["third-party-advisory","x_refsource_SECUNIA"],"url":"http://secunia.com/advisories/10726"},{"name":"1008866","tags":["vdb-entry","x_refsource_SECTRACK"],"url":"http://www.securitytracker.com/alerts/2004/Jan/1008866.html"},{"name":"3726","tags":["vdb-entry","x_refsource_OSVDB"],"url":"http://www.osvdb.org/3726"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2004-2320","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"weblogic-trace-xss(14959)","refsource":"XF","url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/14959"},{"name":"VU#867593","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/867593"},{"name":"BEA04-48.01","refsource":"BEA","url":"http://dev2dev.bea.com/pub/advisory/68"},{"name":"9506","refsource":"BID","url":"http://www.securityfocus.com/bid/9506"},{"name":"10726","refsource":"SECUNIA","url":"http://secunia.com/advisories/10726"},{"name":"1008866","refsource":"SECTRACK","url":"http://www.securitytracker.com/alerts/2004/Jan/1008866.html"},{"name":"3726","refsource":"OSVDB","url":"http://www.osvdb.org/3726"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2004-2320","datePublished":"2005-08-16T04:00:00.000Z","dateReserved":"2005-08-16T00:00:00.000Z","dateUpdated":"2024-08-08T01:22:13.662Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2004-12-31 05:00:00","lastModifiedDate":"2025-04-03 01:03:51","problem_types":["CWE-200","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:*:express:*:*:*:*:*","matchCriteriaId":"A8F69E7A-8BBB-4D20-AEE9-F37155AD5C3F"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:*:win32:*:*:*:*:*","matchCriteriaId":"F119CDFF-214B-42E3-AF10-D8172D4A18E0"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp1:*:*:*:*:*:*","matchCriteriaId":"2B393A66-08A6-4EBA-B01E-BB6418423F79"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp1:express:*:*:*:*:*","matchCriteriaId":"0FAB4F19-EFE0-4860-B9E9-E3938A36AE17"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp1:win32:*:*:*:*:*","matchCriteriaId":"56955D93-989A-4746-A3FC-1C99A749FAAD"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp10:*:*:*:*:*:*","matchCriteriaId":"B2B4C4E8-2862-457F-BDCC-3F54B8F7AADE"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp10:express:*:*:*:*:*","matchCriteriaId":"16324B74-4143-473D-858F-B5B1899822B3"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp10:win32:*:*:*:*:*","matchCriteriaId":"6ABD1B84-730D-479B-BB39-98C7D5C2373D"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp11:*:*:*:*:*:*","matchCriteriaId":"47974FFB-1B28-492B-9A83-78AF16CF62CC"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp11:express:*:*:*:*:*","matchCriteriaId":"DFA4200B-3877-4FC9-B2AB-E51675CAD71F"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp11:win32:*:*:*:*:*","matchCriteriaId":"9787A30B-B85C-4434-AE28-03F5B5C8DEBC"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp12:*:*:*:*:*:*","matchCriteriaId":"6F27425D-1754-44AE-A4B5-F27D5FA6A052"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp12:express:*:*:*:*:*","matchCriteriaId":"B1C2B98A-EF68-4569-B50C-8F21D2298435"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp12:win32:*:*:*:*:*","matchCriteriaId":"F80AE1DC-B4B6-4E8C-A199-BFF64B0563F9"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp13:*:*:*:*:*:*","matchCriteriaId":"034C62E6-3598-4D66-A0BD-8BD2E67048C5"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp13:express:*:*:*:*:*","matchCriteriaId":"7D5A058C-D9DD-4B78-815E-40E27EC1C6BB"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp13:win32:*:*:*:*:*","matchCriteriaId":"73589C92-14F1-494E-B264-A632A03DFCCF"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp2:*:*:*:*:*:*","matchCriteriaId":"99D0A3A8-1444-4DA4-AEF3-08578482574C"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp2:express:*:*:*:*:*","matchCriteriaId":"8B0B183B-95A3-463D-B76B-50640F554013"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp2:win32:*:*:*:*:*","matchCriteriaId":"FD3C09F5-6E4A-43C4-8AEB-7DBBDE9DCC33"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp3:*:*:*:*:*:*","matchCriteriaId":"523836A4-0110-4CD3-A81E-988A02AEA68C"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp3:express:*:*:*:*:*","matchCriteriaId":"36A0EFDA-409E-44F0-9F8B-167A72D2361B"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp3:win32:*:*:*:*:*","matchCriteriaId":"8ACD6465-6904-4F6B-92F0-02078D0B41BC"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp4:*:*:*:*:*:*","matchCriteriaId":"A705EB67-3961-445F-8023-F82C7618BE2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp4:express:*:*:*:*:*","matchCriteriaId":"51A8AB95-FB23-4A7A-A6F5-EF442EAABD26"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp4:win32:*:*:*:*:*","matchCriteriaId":"BDF43AB2-1778-4B6D-B766-FF71DBE3C0A5"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp5:*:*:*:*:*:*","matchCriteriaId":"BD698DD8-5491-4A73-A527-8C9228992A2D"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp5:express:*:*:*:*:*","matchCriteriaId":"5F00947F-1804-41D5-8F2B-7E48C77B1306"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp5:win32:*:*:*:*:*","matchCriteriaId":"13C06026-2AC9-4419-A7B8-9F0ECDD8DBD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp6:*:*:*:*:*:*","matchCriteriaId":"86C4679F-F13F-4A97-AE42-BC54BD0F149C"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp6:express:*:*:*:*:*","matchCriteriaId":"114E5E3E-84B2-4DD3-98FC-2ABFFA41BAD4"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp6:win32:*:*:*:*:*","matchCriteriaId":"883ABAC3-3D2D-4D1A-8125-96A7CC0CE93D"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp7:*:*:*:*:*:*","matchCriteriaId":"EF96A26E-7284-43A0-BD6A-907E1029197D"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp7:express:*:*:*:*:*","matchCriteriaId":"9B6656CF-65ED-4F8E-B9F2-75A9DC1571D7"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp7:win32:*:*:*:*:*","matchCriteriaId":"0DDF3D79-F7B0-4FB2-B22C-B432BDC24B04"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp8:*:*:*:*:*:*","matchCriteriaId":"C8479B6C-464F-41BC-BF81-31EA74CEF4D2"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp8:express:*:*:*:*:*","matchCriteriaId":"7C013AE2-4B06-437A-815F-FAADD28CFA85"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp8:win32:*:*:*:*:*","matchCriteriaId":"F13D9A20-173F-46AB-8473-E69F6D617112"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp9:*:*:*:*:*:*","matchCriteriaId":"B08241CF-0F3D-44E2-8D72-4F98413933EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp9:express:*:*:*:*:*","matchCriteriaId":"D7306C09-BFBA-4DC0-8EA1-E5A5C0BC080F"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:5.1:sp9:win32:*:*:*:*:*","matchCriteriaId":"BC28783D-34C6-49B7-A02F-059DED18E71D"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*","matchCriteriaId":"1FDCF6AE-43DC-4AE5-9260-CA657F40BE77"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*","matchCriteriaId":"05AFBE78-C611-4EA2-8B00-5F8B61696CBE"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*","matchCriteriaId":"AC5439C1-D06F-44C6-94F5-2BD8598A506C"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*","matchCriteriaId":"5DFE26B3-31F2-4FC0-854D-56EA4D08C28A"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*","matchCriteriaId":"C3B7752C-B297-480A-B3FC-948EA081670C"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*","matchCriteriaId":"E40C38EC-ECA4-4F0C-8468-16191CDB9997"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*","matchCriteriaId":"63017BF8-D681-45EC-9C31-09D029F1126D"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*","matchCriteriaId":"71892EC0-E6B1-4214-AC53-06489F711829"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*","matchCriteriaId":"C4FD8871-680E-40F9-85AB-417B5195D4BE"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*","matchCriteriaId":"8E0B1791-974A-4967-8CF9-33BE8183200B"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*","matchCriteriaId":"696F52AE-FEB9-4090-872E-FDFD969F5604"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:*:*:*:*:*","matchCriteriaId":"2B4BC3F5-BFE8-4834-B427-B6260D5B7A85"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*","matchCriteriaId":"7B12A8B1-F78E-46B3-8872-4C6484345477"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*","matchCriteriaId":"DCED03B6-7565-4F53-8D85-F3391BF66988"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*","matchCriteriaId":"D2FE768F-363B-49BC-8410-739B164FB32E"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*","matchCriteriaId":"CB2FB0E9-3812-49C5-94F4-3B39D5BE2EED"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*","matchCriteriaId":"B70F0353-635F-465B-A7E5-AF2D017AB008"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:*:*:*:*:*","matchCriteriaId":"D3DA28D0-18CC-4F99-AABB-EC7863CBD455"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*","matchCriteriaId":"6B091903-943F-4822-9F24-9D109B2D76A4"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:*:*:*:*:*","matchCriteriaId":"CE1D6EE4-8545-4D0A-A50B-C8009F054DC2"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*","matchCriteriaId":"F9C5AFCF-79D8-4005-B800-B0C6BD461276"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*","matchCriteriaId":"FBDF3AC0-0680-4EEE-898C-47D194667BE2"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*","matchCriteriaId":"8DEDDAF2-555D-4425-B4B6-65B1E9C21FF1"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*","matchCriteriaId":"6828CE4B-91E8-4688-977F-DC7BC21131C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*","matchCriteriaId":"BBDB9094-78E8-4CBF-9F5F-321D5174F1EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*","matchCriteriaId":"9CD2BB36-AC0B-48E9-91E1-A4465896E87A"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*","matchCriteriaId":"E141AA86-C6D0-4FA8-9268-0FB0635DF9CF"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*","matchCriteriaId":"6FB8930F-C6D8-40B9-8D08-751F5B47229B"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*","matchCriteriaId":"A5C59B80-279B-45B3-9CC1-5A263681025B"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*","matchCriteriaId":"893D9D88-43C4-4F9F-A364-0585DE6FA9E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*","matchCriteriaId":"D59F9859-7344-43F0-9348-E57FABB9E431"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*","matchCriteriaId":"D2D05BAB-AB3B-466E-8301-01A41644DE77"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*","matchCriteriaId":"D34E2925-DE2A-437F-B349-BD7103F4C37E"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*","matchCriteriaId":"0A4EC87D-EF83-48C5-B516-A6A482D9F525"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*","matchCriteriaId":"935F28E3-9799-4EF6-AB83-62E9C214DD0D"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*","matchCriteriaId":"E08D4CEA-9ACC-4869-BC87-3524A059914F"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*","matchCriteriaId":"ADED8968-EA9C-4F0E-AD2F-BC834F4D8A58"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*","matchCriteriaId":"A3DFE048-905E-4890-809D-F6BCEF7F83C9"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*","matchCriteriaId":"6F5B2A06-CE19-4A57-9566-09FC1E259CDB"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*","matchCriteriaId":"F7560131-A6AC-4BBB-AA2D-C7C63AB51226"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*","matchCriteriaId":"349036A0-B5E2-4656-8D2D-26BEE9EF9DFB"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*","matchCriteriaId":"D18E22CC-A0FC-4BC7-AD39-2645F57486C1"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*","matchCriteriaId":"893C2387-03E3-4F8E-9029-BC64C64239EF"},{"vulnerable":true,"criteria":"cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*","matchCriteriaId":"D00633D1-4B38-48D9-B5CD-E8D66EA90599"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2004","CveId":"2320","Ordinal":"1","Title":"CVE-2004-2320","CVE":"CVE-2004-2320","Year":"2004"},"notes":[{"CveYear":"2004","CveId":"2320","Ordinal":"1","NoteData":"The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.","Type":"Description","Title":"CVE-2004-2320"},{"CveYear":"2004","CveId":"2320","Ordinal":"2","NoteData":"2005-08-16","Type":"Other","Title":"Published"},{"CveYear":"2004","CveId":"2320","Ordinal":"3","NoteData":"2017-07-10","Type":"Other","Title":"Modified"}]}}}