CVE-2004-2763
First published: Mon Jun 01 2009(Updated: )
The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iPlanet Web Server | =4.1-sp1 | |
| iPlanet Web Server | =4.1-sp1 | |
| iPlanet Web Server | =4.1-sp10 | |
| iPlanet Web Server | =4.1-sp10 | |
| iPlanet Web Server | =4.1-sp11 | |
| iPlanet Web Server | =4.1-sp11 | |
| iPlanet Web Server | =4.1-sp12 | |
| iPlanet Web Server | =4.1-sp12 | |
| iPlanet Web Server | =4.1-sp2 | |
| iPlanet Web Server | =4.1-sp2 | |
| iPlanet Web Server | =4.1-sp3 | |
| iPlanet Web Server | =4.1-sp3 | |
| iPlanet Web Server | =4.1-sp4 | |
| iPlanet Web Server | =4.1-sp4 | |
| iPlanet Web Server | =4.1-sp5 | |
| iPlanet Web Server | =4.1-sp5 | |
| iPlanet Web Server | =4.1-sp6 | |
| iPlanet Web Server | =4.1-sp6 | |
| iPlanet Web Server | =4.1-sp7 | |
| iPlanet Web Server | =4.1-sp7 | |
| iPlanet Web Server | =4.1-sp8 | |
| iPlanet Web Server | =4.1-sp8 | |
| iPlanet Web Server | =4.1-sp9 | |
| iPlanet Web Server | =4.1-sp9 | |
| iPlanet Web Server | =6.0-sp1 | |
| iPlanet Web Server | =6.0-sp2 | |
| iPlanet Web Server | =6.0-sp3 | |
| iPlanet Web Server | =6.0-sp4 | |
| iPlanet Web Server | =6.0-sp5 | |
| Sun ONE Web Server | =4.1 | |
| Sun ONE Web Server | =4.1-sp1 | |
| Sun ONE Web Server | =4.1-sp10 | |
| Sun ONE Web Server | =4.1-sp11 | |
| Sun ONE Web Server | =4.1-sp12 | |
| Sun ONE Web Server | =4.1-sp2 | |
| Sun ONE Web Server | =4.1-sp3 | |
| Sun ONE Web Server | =4.1-sp4 | |
| Sun ONE Web Server | =4.1-sp5 | |
| Sun ONE Web Server | =4.1-sp6 | |
| Sun ONE Web Server | =4.1-sp7 | |
| Sun ONE Web Server | =4.1-sp8 | |
| Sun ONE Web Server | =4.1-sp9 | |
| Sun ONE Web Server | =6.0-sp3 | |
| Sun ONE Web Server | =6.0-sp4 | |
| Sun ONE Web Server | =6.0-sp5 | |
| Sun ONE Web Server | =6.1-sp1 | |
| Sun ONE Web Server | =6.1-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2004-2763?
CVE-2004-2763 has a medium severity rating due to the potential for cross-site tracing attacks.
How do I fix CVE-2004-2763?
To fix CVE-2004-2763, disable HTTP TRACE requests on affected versions of the Sun ONE/iPlanet Web Server.
Which versions are affected by CVE-2004-2763?
CVE-2004-2763 affects Sun ONE Web Server versions 4.1 SP1 through SP12 and 6.0 SP1 through SP5, as well as Sun iPlanet Web Server versions 4.1 SP1 through SP12.
What kind of attacks does CVE-2004-2763 enable?
CVE-2004-2763 enables cross-site scripting (XSS) attacks through cross-site tracing (XST).
Is there a workaround for CVE-2004-2763?
A workaround for CVE-2004-2763 includes configuring the server to reject or not respond to TRACE requests.
- agent/type
- agent/softwarecombine
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/sun
- canonical/iplanet web server
- version/iplanet web server/4.1-sp1
- version/iplanet web server/4.1-sp10
- version/iplanet web server/4.1-sp11
- version/iplanet web server/4.1-sp12
- version/iplanet web server/4.1-sp2
- version/iplanet web server/4.1-sp3
- version/iplanet web server/4.1-sp4
- version/iplanet web server/4.1-sp5
- version/iplanet web server/4.1-sp6
- version/iplanet web server/4.1-sp7
- version/iplanet web server/4.1-sp8
- version/iplanet web server/4.1-sp9
- version/iplanet web server/6.0-sp1
- version/iplanet web server/6.0-sp2
- version/iplanet web server/6.0-sp3
- version/iplanet web server/6.0-sp4
- version/iplanet web server/6.0-sp5
- canonical/sun one web server
- version/sun one web server/4.1
- version/sun one web server/4.1-sp1
- version/sun one web server/4.1-sp10
- version/sun one web server/4.1-sp11
- version/sun one web server/4.1-sp12
- version/sun one web server/4.1-sp2
- version/sun one web server/4.1-sp3
- version/sun one web server/4.1-sp4
- version/sun one web server/4.1-sp5
- version/sun one web server/4.1-sp6
- version/sun one web server/4.1-sp7
- version/sun one web server/4.1-sp8
- version/sun one web server/4.1-sp9
- version/sun one web server/6.0-sp3
- version/sun one web server/6.0-sp4
- version/sun one web server/6.0-sp5
- version/sun one web server/6.1-sp1
- version/sun one web server/6.1-sp2