PT-2004-3214 · Bea · Bea Weblogic Server
Published: 2004-12-31 · Updated: 2026-05-28 · CVE-2004-2320
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
BEA WebLogic Server and Express versions 5.1 through SP13
BEA WebLogic Server and Express versions 6.1 through SP6
BEA WebLogic Server and Express versions 7.0 through SP4
BEA WebLogic Server and Express versions 8.1 through SP2
Description:
The default configuration of the software responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
Recommendations:
For versions 5.1 through SP13, consider disabling the HTTP TRACE request to prevent cross-site tracing attacks.
For versions 6.1 through SP6, consider disabling the HTTP TRACE request to prevent cross-site tracing attacks.
For versions 7.0 through SP4, consider disabling the HTTP TRACE request to prevent cross-site tracing attacks.
For versions 8.1 through SP2, consider disabling the HTTP TRACE request to prevent cross-site tracing attacks.
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Bea Weblogic Server