Published: 2005-11-01 07:47:00
Last revised: 2011-03-07 21:26:28

[Original] The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.

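[CNNVD] Sun Solaris Management Console HTTP TRACE Information Disclosure Vulnerability (CNNVD-200511-012)

Solaris is a computer operating system developed by Sun Microsystems. It is considered one of the derivatives of the UNIX operating system. Solaris is currently mixed open-source software.
The default configuration of the Solaris Management Console (SMC) web server in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.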

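- CVSS (Base Score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Access complexity: MEDIUM [exploitation requires certain access conditions]
Access vector: [--]
Authentication: NONE [exploitation requires no authentication]

- CWE (Weakness Category)

CWE-200 [Information Exposure]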

- CPE (Affected Platforms and Products)


- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:1445 SMC TRACE HTTP Vulnerability

- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(PATCH)  SECTRACK  1015112
(UNKNOWN)  VUPEN  ADV-2005-2226
(UNKNOWN)  BID  15222

- Vulnerability Information

Sun Solaris Management Console HTTP TRACE Information Disclosure Vulnerability
Medium severity  Information disclosure
2005-11-01 00:00:00 2009-01-08 00:00:00

- Advisories and Patches


- Vulnerability Information

Multiple Web Server Dangerous HTTP Method TRACE
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- Vulnerability Description

RFC-compliant web servers support the HTTP TRACE method, which contains a flaw that may lead to unauthorized information disclosure. The TRACE method is used to debug web server connections and allows the client to see what is being received at the other end of the request chain. Because it is enabled by default in all major web servers, a remote attacker may abuse the HTTP TRACE functionality, e.g. in combination with cross-site scripting (XSS), to disclose sensitive configuration information, resulting in a loss of confidentiality.

- Timeline

2003-01-20 Unknown
2003-01-20 Unknown

- Solution

If the TRACE method is not essential for your site, disable it in the web server configuration. Consult your documentation or vendor for detailed instructions on how to accomplish this.
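As an added example (not part of the original record or of any vendor tooling): after disabling TRACE, an administrator can confirm the change by classifying the server's reply to a TRACE probe. The `X-Trace-Canary` header name, the host name and the sample replies are constructed assumptions.

```python
# Added example: classify a server's reply to a TRACE probe (all data constructed).
DISABLED_STATUSES = {403, 405, 501}  # common status codes when TRACE is refused


def build_trace_probe(host: str, canary: str) -> bytes:
    """Build a TRACE request carrying a harmless marker header (hypothetical name)."""
    return (f"TRACE / HTTP/1.1\r\nHost: {host}\r\n"
            f"X-Trace-Canary: {canary}\r\nConnection: close\r\n\r\n").encode("ascii")


def classify_trace_reply(raw: bytes, canary: str) -> str:
    """Return 'enabled', 'disabled' or 'inconclusive' for one raw HTTP reply."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, _, header_block = head.partition(b"\r\n")
    parts = status_line.split(None, 2)
    if len(parts) < 2 or not parts[0].startswith(b"HTTP/") or not parts[1].isdigit():
        return "inconclusive"
    status = int(parts[1])
    headers = {}
    for line in header_block.split(b"\r\n"):
        name, sep, value = line.partition(b":")
        if sep:
            headers[name.strip().lower()] = value.strip().lower()
    # An enabled TRACE echoes the request (headers included) as message/http.
    echoed = canary.encode("ascii") in body
    is_message_http = headers.get(b"content-type", b"").startswith(b"message/http")
    if status == 200 and (echoed or is_message_http):
        return "enabled"
    if status in DISABLED_STATUSES:
        return "disabled"
    # e.g. a 200 HTML page from a server that ignores the method: check by hand.
    return "inconclusive"


# Constructed sample replies for offline use.
ENABLED_REPLY = (b"HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
                 b"TRACE / HTTP/1.1\r\nHost: smc.example.test\r\n"
                 b"X-Trace-Canary: c0ffee\r\nCookie: session=constructed\r\n\r\n")
DISABLED_REPLY = b"HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD, POST\r\n\r\n"
AMBIGUOUS_REPLY = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>login</html>"

if __name__ == "__main__":
    for label, reply in [("enabled sample", ENABLED_REPLY),
                         ("disabled sample", DISABLED_REPLY),
                         ("ambiguous sample", AMBIGUOUS_REPLY)]:
        print(label, "->", classify_trace_reply(reply, "c0ffee"))
```

The enabled sample shows why the method matters: the echoed body contains every request header the server received, including the cookie.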

- Related References

- Vulnerability Credit

- Vulnerability Information

Sun Solaris Management Console HTTP TRACE Information Disclosure Vulnerability
Access Validation Error 15222
Yes No
2005-10-26 12:00:00 2007-06-13 08:09:00
This issue was reported by Sun.

- Affected Versions

Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 10.0_x86
Sun Solaris 10

- Discussion

Sun Solaris Management Console is prone to an information-disclosure vulnerability.

The issue presents itself because the server responds to the HTTP TRACE request by default.

With HTTP TRACE functionality enabled by default, an attacker can compromise user accounts by gaining access to sensitive header information. The attacker may exploit this issue along with other attacks, such as cross-site scripting, to steal cookie-based authentication credentials.

- Exploit

An exploit is not required.

- Solution

Sun has released advisory 102016 including patches for Solaris 9 to address this issue. Please see the referenced advisory for more information.

- Related References