PT-2005-4196 · Oracle · Solaris Management Console
Published
2005-11-01
·
Updated
2026-05-28
·
CVE-2005-3398
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Solaris Management Console (SMC) versions 8 through 10
Description
The default configuration of the web server for the Solaris Management Console enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
Recommendations
For Solaris Management Console (SMC) versions 8 through 10, consider disabling the HTTP TRACE method to prevent potential information disclosure.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Solaris Management Console