CVE-2004-2763
CVSS5.8
发布时间 :2009-06-01 18:30:00
修订时间 :2009-06-02 00:00:00
NMCOS    

[原文]The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.


[CNNVD]Sun ONE/iPlanet Web Server HTTP TRACE信息窃取漏洞(CNNVD-200906-001)

        Sun ONE/iPlanet是Sun公司推出的智能Web服务的软件组合系统,其中包含Sun ONE统一开发服务器,Sun ONE应用服务器可安装在Windows和Unix操作系统上。
        Sun ONE/iPlanet对HTTP TRACE请求处理存在问题,远程攻击者可以利用这个漏洞窃取一些基于验证的如COOKIE等敏感信息 。问题是由于Sun ONE/iPlanet默认情况下对HTTP TRACE请求的应答处理不正确,结合跨站脚本问题及使用HTTP TRACE方法对Sun ONE/iPlanet服务器进行请求,可导致获得基于验证的如COOKIE等敏感信息。
        

- CVSS (基础分值)

CVSS分值: 5.8 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: MEDIUM [漏洞利用存在一定的访问条件]
攻击向量: NETWORK [攻击者不需要获取内网访问权或本地访问权]
身份认证: NONE [漏洞利用无需身份认证]

- CWE (弱点类目)

CWE-16 [配置]

- CPE (受影响的平台与产品)

cpe:/a:sun:one_web_server:6.1:sp2Sun ONE Web Server 6.1 SP2
cpe:/a:sun:one_web_server:4.1:sp9Sun ONE Web Server 4.1 SP9
cpe:/a:sun:one_web_server:4.1:sp5Sun ONE Web Server 4.1 SP5
cpe:/a:sun:one_web_server:4.1:sp1Sun ONE Web Server 4.1 SP1
cpe:/a:sun:iplanet_web_server:6.0:sp3
cpe:/a:sun:iplanet_web_server:6.0:sp5
cpe:/a:sun:one_web_server:4.1:sp10Sun ONE Web Server 4.1 SP10
cpe:/a:sun:iplanet_web_server:4.1:sp9Sun iPlanet Web Server 4.1 SP9
cpe:/a:sun:iplanet_web_server:4.1:sp9:enterpriseSun iPlanet Web Server 4.1 SP9 Enterprise
cpe:/a:sun:iplanet_web_server:4.1:sp8:enterpriseSun iPlanet Web Server 4.1 SP8 Enterprise
cpe:/a:sun:iplanet_web_server:4.1:sp7Sun iPlanet Web Server 4.1 SP7
cpe:/a:sun:one_web_server:4.1:sp6Sun ONE Web Server 4.1 SP6
cpe:/a:sun:one_web_server:4.1Sun ONE Web Server 4.1
cpe:/a:sun:iplanet_web_server:4.1:sp10:enterpriseSun iPlanet Web Server 4.1 SP10 Enterprise
cpe:/a:sun:iplanet_web_server:4.1:sp11
cpe:/a:sun:iplanet_web_server:4.1:sp11:enterprise
cpe:/a:sun:one_web_server:4.1:sp8Sun ONE Web Server 4.1 SP8
cpe:/a:sun:one_web_server:4.1:sp4Sun ONE Web Server 4.1 SP4
cpe:/a:sun:iplanet_web_server:4.1:sp4Sun iPlanet Web Server 4.1 SP4
cpe:/a:sun:one_web_server:6.0:sp3
cpe:/a:sun:iplanet_web_server:6.0:sp4
cpe:/a:sun:iplanet_web_server:4.1:sp1Sun iPlanet Web Server 4.1 SP1
cpe:/a:sun:iplanet_web_server:4.1:sp1:enterpriseSun iPlanet Web Server 4.1 SP1 Enterprise
cpe:/a:sun:one_web_server:6.0:sp4
cpe:/a:sun:iplanet_web_server:4.1:sp8Sun iPlanet Web Server 4.1 SP8
cpe:/a:sun:iplanet_web_server:4.1:sp2:enterpriseSun iPlanet Web Server 4.1 SP2 Enterprise
cpe:/a:sun:iplanet_web_server:4.1:sp2Sun iPlanet Web Server 4.1 SP2
cpe:/a:sun:iplanet_web_server:4.1:sp10Sun iPlanet Web Server 4.1 SP10
cpe:/a:sun:one_web_server:6.1:sp1Sun ONE Web Server 6.1 SP1
cpe:/a:sun:one_web_server:4.1:sp3Sun ONE Web Server 4.1 SP3
cpe:/a:sun:iplanet_web_server:4.1:sp7:enterpriseSun iPlanet Web Server 4.1 SP7 Enterprise
cpe:/a:sun:iplanet_web_server:4.1:sp12:enterprise
cpe:/a:sun:iplanet_web_server:4.1:sp5:enterpriseSun iPlanet Web Server 4.1 SP5 Enterprise
cpe:/a:sun:iplanet_web_server:4.1:sp5Sun iPlanet Web Server 4.1 SP5
cpe:/a:sun:iplanet_web_server:4.1:sp3:enterpriseSun iPlanet Web Server 4.1 SP3 Enterprise
cpe:/a:sun:iplanet_web_server:4.1:sp3Sun iPlanet Web Server 4.1 SP3
cpe:/a:sun:one_web_server:4.1:sp2Sun ONE Web Server 4.1 SP2
cpe:/a:sun:one_web_server:4.1:sp11Sun ONE Web Server 4.1 SP11
cpe:/a:sun:iplanet_web_server:4.1:sp6Sun iPlanet Web Server 4.1 SP6
cpe:/a:sun:one_web_server:4.1:sp7Sun ONE Web Server 4.1 SP7
cpe:/a:sun:iplanet_web_server:6.0:sp2
cpe:/a:sun:iplanet_web_server:4.1:sp4:enterpriseSun iPlanet Web Server 4.1 SP4 Enterprise
cpe:/a:sun:iplanet_web_server:6.0:sp1
cpe:/a:sun:one_web_server:6.0:sp5
cpe:/a:sun:iplanet_web_server:4.1:sp6:enterpriseSun iPlanet Web Server 4.1 SP6 Enterprise
cpe:/a:sun:one_web_server:4.1:sp12Sun ONE Web Server 4.1 SP12
cpe:/a:sun:iplanet_web_server:4.1:sp12

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2763
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2763
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200906-001
(官方数据源) CNNVD

- 其它链接及资源

http://www.kb.cert.org/vuls/id/867593
(UNKNOWN)  CERT-VN  VU#867593
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
(UNKNOWN)  MISC  http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.html
(UNKNOWN)  SUNALERT  50603

- 漏洞信息

Sun ONE/iPlanet Web Server HTTP TRACE信息窃取漏洞
中危 配置错误
2009-06-01 00:00:00 2009-06-02 00:00:00
远程  
        Sun ONE/iPlanet是Sun公司推出的智能Web服务的软件组合系统,其中包含Sun ONE统一开发服务器,Sun ONE应用服务器可安装在Windows和Unix操作系统上。
        Sun ONE/iPlanet对HTTP TRACE请求处理存在问题,远程攻击者可以利用这个漏洞窃取一些基于验证的如COOKIE等敏感信息 。问题是由于Sun ONE/iPlanet默认情况下对HTTP TRACE请求的应答处理不正确,结合跨站脚本问题及使用HTTP TRACE方法对Sun ONE/iPlanet服务器进行请求,可导致获得基于验证的如COOKIE等敏感信息。
        

- 公告与补丁

        暂无数据

- 漏洞信息

11408
Sun Java System Application Server HTTP TRACE Response XSS
Remote / Network Access Information Disclosure, Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Unknown

- 漏洞描述

Java System Application Server contains a flaw that may allow a malicious user to access confidential information. The issue is triggered when cross site scripting (XSS) is used to initiate TRACE requests. It is possible that the flaw may allow access to sensitive header information resulting in a loss of confidentiality and integrity.

- 时间线

2004-11-03 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Disable HTTP TRACE support for webserver.

- 相关参考

- 漏洞作者

Unknown or Incomplete

- 漏洞信息

Sun ONE/iPlanet Web Server HTTP TRACE Credential Theft Vulnerability
Access Validation Error 9561
Yes No
2004-02-02 12:00:00 2009-08-28 03:32:00
The disclosure of this issue has been credited to the vendor.

- 受影响的程序版本

Sun ONE Web Server 6.1
Sun ONE Web Server 6.0 SP5
Sun ONE Web Server 6.0 SP4
Sun ONE Web Server 6.0 SP3
Sun ONE Web Server 6.0 SP2
Sun ONE Web Server 6.0 SP1
Sun ONE Web Server 6.0
Sun ONE Web Server 4.1 SP9
Sun ONE Web Server 4.1 SP8
Sun ONE Web Server 4.1 SP7
Sun ONE Web Server 4.1 SP6
Sun ONE Web Server 4.1 SP5
Sun ONE Web Server 4.1 SP5
Sun ONE Web Server 4.1 SP4
Sun ONE Web Server 4.1 SP3
Sun ONE Web Server 4.1 SP2
Sun ONE Web Server 4.1 SP12
Sun ONE Web Server 4.1 SP11
Sun ONE Web Server 4.1 SP10
Sun ONE Web Server 4.1 SP1
Sun ONE Web Server 4.1
Sun Java System Web Server 7.0 Plugin 0
+ Sun N1 Service Provisioning System 6.0
+ Sun N1 Service Provisioning System 6.0
+ Sun N1 Service Provisioning System 5.2
+ Sun N1 Service Provisioning System 5.2
Sun Java System Web Server 7.0 Update 3
Sun Java System Web Server 7.0 Update 2
Sun Java System Web Server 7.0 Update 1
Sun Java System Web Server 7.0

- 漏洞讨论

Sun ONE/iPlanet Web Server is prone to a credentials-theft vulnerability that that may allow a remote attacker to steal sensitive information such as cookie-based authentication credentials. The issue occurs because ONE/iPlanet Web Server responds to the HTTP TRACE request by default.

Successful exploits may allow the attacker to compromise user accounts by gaining access to sensitive header information. This issue may be combined with other attacks such as cross-site scripting to steal cookie-based authentication credentials.

- 漏洞利用

No exploit code is required.

- 解决方案

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站