8.1
CVE-2010-0386
- EPSS 1.69%
- Veröffentlicht 25.01.2010 19:30:01
- Zuletzt bearbeitet 16.06.2026 23:16:03
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Sun ≫ Java System Application Server Version7.0
Sun ≫ Java System Application Server Version7.0 Editionplatform
Sun ≫ Java System Application Server Version7.0 Editionstandard
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.69% | 0.741 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:P/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 8.1 | 2.8 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
|
CWE-160 Improper Neutralization of Leading Special Elements
The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes leading special elements that could be interpreted in unexpected ways when they are sent to a downstream component.
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1