{"api_version":"1","generated_at":"2026-05-13T02:11:29+00:00","cve":"CVE-2004-2763","urls":{"html":"https://cve.report/CVE-2004-2763","api":"https://cve.report/api/cve/CVE-2004-2763.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2004-2763","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2004-2763"},"summary":{"title":"CVE-2004-2763","description":"The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.","state":"PUBLISHED","assigner":"mitre","published_at":"2009-06-01 22:30:00","updated_at":"2026-04-23 00:35:47"},"problem_types":["CWE-16","n/a"],"metrics":[{"version":"2.0","source":"nvd@nist.gov","type":"Primary","score":"5.8","severity":"","vector":"AV:N/AC:M/Au:N/C:P/I:P/A:N","data":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"}}],"references":[{"url":"http://www.kb.cert.org/vuls/id/867593","name":"http://www.kb.cert.org/vuls/id/867593","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["US Government Resource"],"title":"Vulnerability Note VU#867593 - Web servers enable HTTP TRACE method by default","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf","name":"http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit"],"title":"Access denied | www.cgisecurity.com used Cloudflare to restrict access","mime":"application/pdf","httpstatus":"403","archivestatus":"200"},{"url":"http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html","name":"http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"RUS-CERT - Home","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2004-2763","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2004-2763","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"n/a","product":"n/a","version":"affected n/a","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp1","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp10","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp11","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp11","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp12","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp12","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp2","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp3","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp4","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp5","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp6","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp7","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp8","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp8","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp9","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"4.1","cpe7":"sp9","cpe8":"enterprise","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"6.0","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"6.0","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"6.0","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"6.0","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"iplanet_web_server","cpe6":"6.0","cpe7":"sp5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"4.1","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"4.1","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"4.1","cpe7":"sp10","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"4.1","cpe7":"sp11","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"4.1","cpe7":"sp12","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"4.1","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"4.1","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"4.1","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"4.1","cpe7":"sp5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"4.1","cpe7":"sp6","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"4.1","cpe7":"sp7","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"4.1","cpe7":"sp8","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"4.1","cpe7":"sp9","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"6.0","cpe7":"sp3","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"6.0","cpe7":"sp4","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"6.0","cpe7":"sp5","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"6.1","cpe7":"sp1","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2004","cve_id":"2763","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"sun","cpe5":"one_web_server","cpe6":"6.1","cpe7":"sp2","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2024-08-08T01:36:25.490Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"name":"VU#867593","tags":["third-party-advisory","x_refsource_CERT-VN","x_transferred"],"url":"http://www.kb.cert.org/vuls/id/867593"},{"name":"50603","tags":["vendor-advisory","x_refsource_SUNALERT","x_transferred"],"url":"http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf"}],"title":"CVE Program Container"}],"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"descriptions":[{"lang":"en","value":"The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2009-06-01T22:00:00.000Z","orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre"},"references":[{"name":"VU#867593","tags":["third-party-advisory","x_refsource_CERT-VN"],"url":"http://www.kb.cert.org/vuls/id/867593"},{"name":"50603","tags":["vendor-advisory","x_refsource_SUNALERT"],"url":"http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html"},{"tags":["x_refsource_MISC"],"url":"http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2004-2763","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"VU#867593","refsource":"CERT-VN","url":"http://www.kb.cert.org/vuls/id/867593"},{"name":"50603","refsource":"SUNALERT","url":"http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html"},{"name":"http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf","refsource":"MISC","url":"http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf"}]}}}},"cveMetadata":{"assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","cveId":"CVE-2004-2763","datePublished":"2009-06-01T22:00:00.000Z","dateReserved":"2009-06-01T00:00:00.000Z","dateUpdated":"2024-09-17T00:11:42.049Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"},"nvd":{"publishedDate":"2009-06-01 22:30:00","lastModifiedDate":"2026-04-23 00:35:47","problem_types":["CWE-16","n/a"],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:N","baseScore":5.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":4.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:*:*:*:*:*:*","matchCriteriaId":"15614FEE-BE44-493D-8F4B-B68F90BA1C4D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:enterprise:*:*:*:*:*","matchCriteriaId":"EAFDD45B-9AA9-46A9-9452-6F7026DAB8B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:*:*:*:*:*:*","matchCriteriaId":"881584F0-6E53-4E08-A394-911CCD7179B0"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:enterprise:*:*:*:*:*","matchCriteriaId":"74307012-2D6B-4D7E-BB6E-B6515E37149D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:*:*:*:*:*:*","matchCriteriaId":"1AA735E6-0E26-47E0-B779-8688B058847E"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:enterprise:*:*:*:*:*","matchCriteriaId":"2CACFD40-A33F-4C4C-8CC1-3111E3399D07"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:*:*:*:*:*:*","matchCriteriaId":"17872BB7-BD29-4EB8-8270-97157B991336"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:enterprise:*:*:*:*:*","matchCriteriaId":"12A2A214-156B-4092-B72E-55875A068EED"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:*:*:*:*:*:*","matchCriteriaId":"5608C463-921D-4640-B9F5-1C7E2F99DFA6"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:enterprise:*:*:*:*:*","matchCriteriaId":"CC15E6D1-5E34-4BA0-83AA-32843BBE34EC"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:*:*:*:*:*:*","matchCriteriaId":"1BB8A1FD-2B13-4D52-A685-822FC49D61D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:enterprise:*:*:*:*:*","matchCriteriaId":"B199A631-70D8-4FA5-BFAA-46EA768223D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:*:*:*:*:*:*","matchCriteriaId":"DD3C8D8A-D9EC-4DB2-B2E2-3B3BFC6AF369"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:enterprise:*:*:*:*:*","matchCriteriaId":"14BE8733-6B79-406D-8AD4-1A034D93CA21"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:*:*:*:*:*:*","matchCriteriaId":"4EA69FCA-EAD5-4BA9-8AF5-2FDC617B77E9"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:enterprise:*:*:*:*:*","matchCriteriaId":"431E382F-3638-43FE-978E-6FB72C0406A2"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:*:*:*:*:*:*","matchCriteriaId":"D84C0F92-BA3D-47E3-A89C-F7BFE70F1A50"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:enterprise:*:*:*:*:*","matchCriteriaId":"E85940EC-E144-4B26-B2FB-A4985FE852C4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:*:*:*:*:*:*","matchCriteriaId":"B05F9BD8-4A97-4E30-9D87-C54D2C688C85"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:enterprise:*:*:*:*:*","matchCriteriaId":"8BFAEFD1-D6E0-4401-A81E-9B73DF6C4600"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:*:*:*:*:*:*","matchCriteriaId":"30EBB2AE-CC19-455C-8338-DC99649128E8"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:enterprise:*:*:*:*:*","matchCriteriaId":"271C69BC-E8B9-4E95-91F0-719FDC71E31F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:*:*:*:*:*:*","matchCriteriaId":"E97E6E0E-88BA-4EF3-83D3-F3A49076C6AA"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:enterprise:*:*:*:*:*","matchCriteriaId":"38178E55-35F2-407E-906C-CDA706881684"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:6.0:sp1:*:*:*:*:*:*","matchCriteriaId":"7383260B-83F0-4915-BFF3-BAD5C3228B26"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:6.0:sp2:*:*:*:*:*:*","matchCriteriaId":"0F8A1D4E-B671-4ADA-B9EA-B01BF7C17F61"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:6.0:sp3:*:*:*:*:*:*","matchCriteriaId":"53779E82-8FB9-498D-9E1C-4B7671E722D4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:6.0:sp4:*:*:*:*:*:*","matchCriteriaId":"C61702CF-2660-4CC0-9563-B0DCD363B9DB"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:iplanet_web_server:6.0:sp5:*:*:*:*:*:*","matchCriteriaId":"A3AEFF59-9E04-497C-81B0-D664BA52AC4F"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*","matchCriteriaId":"33621D67-8191-42EE-8859-8B5FC30F935A"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*","matchCriteriaId":"0C6F8563-701E-4E54-A0C9-67E9DF74D60D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*","matchCriteriaId":"4022E5C6-5651-45DD-AF73-89CF38E71D9D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*","matchCriteriaId":"EEF4CFCE-DEEC-4652-A96F-0C7B5A88175A"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:4.1:sp12:*:*:*:*:*:*","matchCriteriaId":"873034EA-B3C6-43E6-AE98-A04598D9A392"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*","matchCriteriaId":"AE01BAC9-DC57-4BC8-9BFB-9C7C94A516A8"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*","matchCriteriaId":"1CEA91AD-443D-4856-AC7A-3DDE0791134D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*","matchCriteriaId":"07C1D4DC-252A-4602-A916-32E51CCA75B1"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*","matchCriteriaId":"526D2FAD-4241-412C-8863-B273D3733153"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*","matchCriteriaId":"B8A796CB-D675-49FC-98BA-4D527211C70D"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*","matchCriteriaId":"8693959B-7D5D-414B-8660-2A693AF24541"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*","matchCriteriaId":"1BDC4A06-33A1-4619-B870-7F2AF1D332F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*","matchCriteriaId":"8A445032-AD7B-4971-B175-DF3183A4A12C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*","matchCriteriaId":"38698A3B-9597-4BC9-B112-BB908C3DE86B"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*","matchCriteriaId":"78587B6D-2A95-4714-9632-4F75CD552E7A"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*","matchCriteriaId":"279FE555-E290-4B17-855D-781C9B58ED55"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:6.1:sp1:*:*:*:*:*:*","matchCriteriaId":"4493C646-DF4B-45C7-86F7-A71AC9B1CA97"},{"vulnerable":true,"criteria":"cpe:2.3:a:sun:one_web_server:6.1:sp2:*:*:*:*:*:*","matchCriteriaId":"689F0A9F-8F34-4958-B869-C4FB8BC02406"}]}]}]},"legacy_mitre":{"record":{"CveYear":"2004","CveId":"2763","Ordinal":"1","Title":"CVE-2004-2763","CVE":"CVE-2004-2763","Year":"2004"},"notes":[{"CveYear":"2004","CveId":"2763","Ordinal":"1","NoteData":"The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.","Type":"Description","Title":"CVE-2004-2763"},{"CveYear":"2004","CveId":"2763","Ordinal":"2","NoteData":"2009-06-01","Type":"Other","Title":"Published"}]}}}