The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote malicious users to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sun iplanet web server 4.1 |
||
sun one web server 4.1 |
||
sun one web server 6.1 |
||
sun iplanet web server 6.0 |
||
sun one web server 6.0 |