PT-2010-2169 · Sun · Sun Java System Web Server+1
Published
2010-01-25
·
Updated
2026-05-28
·
CVE-2010-0386
CVSS v3.1
8.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N |
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Sun Java System Web Server
Sun Java System Application Server