PT-2004-3214 · Bea · Bea Weblogic Server
Published
2004-12-31
·
Updated
2026-05-28
·
CVE-2004-2320
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions:
BEA WebLogic Server and Express versions 5.1 through SP13
BEA WebLogic Server and Express versions 6.1 through SP6
BEA WebLogic Server and Express versions 7.0 through SP4
BEA WebLogic Server and Express versions 8.1 through SP2
Description:
The default configuration of the software responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
Recommendations:
For all affected versions (5.1 through SP13, 6.1 through SP6, 7.0 through SP4, and 8.1 through SP2), consider disabling the HTTP TRACE request to prevent cross-site tracing attacks.
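A way to verify the recommendation above has taken effect, as an added example that is not part of the advisory or of any BEA tooling: the check sends a TRACE request carrying a unique header and treats a 200 response that echoes that header back as proof TRACE is still enabled (a 403/405/501 means it is disabled). The function and header names and the sample responses are constructed for this example.

```python
"""Check whether an HTTP server still answers TRACE (cross-site tracing exposure)."""
import socket


def build_trace_request(host: str, path: str = "/", canary: str = "XST-CANARY") -> bytes:
    # A TRACE response echoes the request back in a message/http body.
    # A unique header value lets us prove the echo rather than trusting the status code alone.
    return (
        f"TRACE {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"X-Xst-Canary: {canary}\r\n"
        "Connection: close\r\n\r\n"
    ).encode()


def classify_trace_response(raw: bytes, canary: str = "XST-CANARY") -> str:
    """Return 'trace-enabled', 'trace-disabled' or 'inconclusive' for a raw HTTP response."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode(errors="replace")
    parts = status_line.split()
    code = int(parts[1]) if len(parts) >= 2 and parts[1].isdigit() else 0
    if code == 200 and canary.encode() in body:
        return "trace-enabled"          # request (headers included) was echoed to the client
    if code in (403, 405, 501):
        return "trace-disabled"         # method rejected, the mitigation is in place
    return "inconclusive"               # e.g. 200 without the echo, a redirect, or a proxy answer


def check_trace(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Live check against your own server; not exercised by the offline sample below."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_trace_request(host))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return classify_trace_response(b"".join(chunks))


# Constructed sample responses (not captured from a real WebLogic server).
ENABLED_SAMPLE = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
                  b"TRACE / HTTP/1.1\r\nHost: app.example\r\nX-Xst-Canary: XST-CANARY\r\n\r\n")
DISABLED_SAMPLE = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD, POST\r\n\r\n"

if __name__ == "__main__":
    print(classify_trace_response(ENABLED_SAMPLE), classify_trace_response(DISABLED_SAMPLE))
```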
Fix
Information Disclosure
Affected Products
Bea Weblogic Server