The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
Web servers that implement HTTP/1.1 as specified support the TRACE method, which is intended for debugging: the server echoes the request it received back to the client, so the client can see exactly what arrived at the far end of the request chain. Because that echo includes the request headers, a remote attacker who can make a victim's browser issue a TRACE request to the server (typically through a cross-site scripting flaw elsewhere, a combination known as cross-site tracing, XST) can read headers that script is otherwise denied, such as Cookie and Authorization, resulting in a loss of confidentiality. The method is commonly enabled by default and is routinely flagged by vulnerability scanners. Current browsers refuse to send TRACE from script (XMLHttpRequest and fetch treat it as a forbidden method), which limits the client-side attack in practice, but the method still serves no purpose in production and should be treated as unnecessary attack surface.
If the TRACE method is not essential for your site, disable it in the web server configuration (for Apache httpd, for example, the directive TraceEnable off; for the SMC web server, apply Sun's patches). Consult your documentation or vendor for detailed instructions on how to accomplish this, and re-test the server after the change rather than relying on the configuration edit alone.
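The check a practitioner would run before and after the fix, added here as an example and not code from Sun or the SMC: it sends a raw TRACE request carrying a canary value in a Cookie header and reports the server as exposed only if the canary comes back in the response body, which is exactly the echo a cross-site tracing attack depends on. The two embedded handlers are constructed stand-ins (one echoes TRACE like a server with the method enabled, the other refuses it with 405); the loopback host, ephemeral port and canary string are assumptions for the demonstration.

```python
"""Probe an HTTP server for an enabled TRACE method (cross-site tracing exposure)."""
import http.server
import socket
import threading

# Assumed value planted in a request header; seeing it in the response body
# proves the server echoed our headers back, which is what XST relies on.
CANARY = "traceprobe-canary-5b1c"


def send_trace(host, port, path="/", timeout=5.0):
    """Send a raw HTTP/1.1 TRACE request and return (status, headers, body)."""
    request = (
        f"TRACE {path} HTTP/1.1\r\n"
        f"Host: {host}:{port}\r\n"
        f"Cookie: probe={CANARY}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        chunks = []
        while True:  # read until the server closes the connection
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    raw = b"".join(chunks)
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    status = int(status_line.split()[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def trace_enabled(host, port):
    """True when the server answers TRACE with 200 and echoes our Cookie header."""
    status, _headers, body = send_trace(host, port)
    return status == 200 and CANARY.encode("ascii") in body


class EchoTraceHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a server with TRACE enabled: echoes the request."""

    def do_TRACE(self):
        echoed = self.requestline + "\r\n" + "".join(
            f"{name}: {value}\r\n" for name, value in self.headers.items()
        )
        payload = echoed.encode("iso-8859-1")
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def log_message(self, *args):  # keep the demo output quiet
        pass


class HardenedHandler(http.server.BaseHTTPRequestHandler):
    """Constructed stand-in for a server with TRACE disabled."""

    def do_TRACE(self):
        self.send_error(405, "Method Not Allowed")

    def log_message(self, *args):
        pass


def start_server(handler):
    """Bind a handler to an ephemeral loopback port and serve it in a thread."""
    server = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


if __name__ == "__main__":
    for label, handler in (("TRACE enabled", EchoTraceHandler),
                           ("TRACE disabled", HardenedHandler)):
        server = start_server(handler)
        host, port = server.server_address
        status, _, _ = send_trace(host, port)
        print(f"{label}: HTTP {status}, headers echoed: {trace_enabled(host, port)}")
        server.shutdown()
        server.server_close()
```

Point send_trace at a real host and port to test a deployed server; a 200 response that repeats the probe cookie is the vulnerable case, while 405, 403 or 501 (or a 200 that does not echo the header) means the method is effectively unavailable to an attacker.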
Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 10.0_x86
Sun Solaris 10
Sun Solaris Management Console is prone to an information-disclosure vulnerability.
The issue exists because the SMC web server answers HTTP TRACE requests by default, echoing the request headers it received.
With TRACE enabled, an attacker who can get a victim's browser to issue a TRACE request to the server, typically by combining this issue with another attack such as cross-site scripting, can read sensitive header values from the echoed request and steal cookie-based authentication credentials, compromising user accounts.
An exploit is not required.
Sun has released advisory 102016 including patches for Solaris 9 to address this issue. Please see the referenced advisory for more information.