Sign-up

ID

VAR-200511-0133


CVE

CVE-2005-3398


TITLE

Sun Solaris Management Console HTTP TRACE Information Disclosure Vulnerability

Trust: 0.9

sources: BID: 15222 // CNNVD: CNNVD-200511-012

DESCRIPTION

The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers. The HTTP TRACE method returns the contents of client HTTP requests in the entity-body of the TRACE response. RFC 2616 According to TRACE Supports methods Web The server is set in the browser Cookie A vulnerability exists in which information is obtained.Set in browser Cookie Authentication information derived from (Basic Authentication: base64 Contains encoded user information ) May get you. Sun Solaris Management Console is prone to an information-disclosure vulnerability. The attacker may exploit this issue along with other attacks, such as cross-site scripting, to steal cookie-based authentication credentials. TITLE: Sun Solaris HTTP TRACE Response Cross-Site Scripting Issue SECUNIA ADVISORY ID: SA17334 VERIFY ADVISORY: http://secunia.com/advisories/17334/ CRITICAL: Not critical IMPACT: Cross Site Scripting WHERE: >From local network OPERATING SYSTEM: Sun Solaris 10 http://secunia.com/product/4813/ Sun Solaris 8 http://secunia.com/product/94/ Sun Solaris 9 http://secunia.com/product/95/ DESCRIPTION: Sun has acknowledged a security issue in Solaris, which potentially can be exploited by malicious people to conduct cross-site scripting attacks. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site when combined with certain browser vulnerabilities. It is reportedly not possible to disable the TRACE method. The security issue has been reported in Solaris 8, 9 and 10 on both SPARC and x86 platforms. SOLUTION: Apply patches when available. The vendor recommends that the SMC may be disabled as a workaround. -- SPARC Platform -- Solaris 9: Apply patch 116807-02 or later. -- x86 Platform -- Solaris 9: Apply patch 116808-02 or later. PROVIDED AND/OR DISCOVERED BY: Reported by vendor. ORIGINAL ADVISORY: http://sunsolve.sun.com/search/document.do?assetkey=1-26-102016-1 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.7

sources: NVD: CVE-2005-3398 // CERT/CC: VU#867593 // JVNDB: JVNDB-2003-000018 // BID: 15222 // PACKETSTORM: 41017

AFFECTED PRODUCTS

vendor:sunmodel:solarisscope:eqversion:9.0

Trust: 1.6

vendor:sunmodel:sunosscope:eqversion:5.8

Trust: 1.6

vendor:sunmodel:solarisscope:eqversion:10.0

Trust: 1.6

vendor:apachemodel: - scope: - version: -

Trust: 0.8

vendor:ibmmodel: - scope: - version: -

Trust: 0.8

vendor:lotusmodel: - scope: - version: -

Trust: 0.8

vendor:microsoftmodel: - scope: - version: -

Trust: 0.8

vendor:sun microsystemsmodel: - scope: - version: -

Trust: 0.8

vendor:apachemodel:http serverscope:lteversion:1.3.27

Trust: 0.8

vendor:apachemodel:http serverscope:lteversion:2.0.44

Trust: 0.8

vendor:sun microsystemsmodel:java system web serverscope:eqversion:7.0

Trust: 0.8

vendor:sun microsystemsmodel:one/iplanet web serverscope:eqversion:4.1

Trust: 0.8

vendor:sun microsystemsmodel:one/iplanet web serverscope:eqversion:6.0

Trust: 0.8

vendor:sun microsystemsmodel:one/iplanet web serverscope:eqversion:6.1

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:10 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:8 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:8 (x86)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (sparc)

Trust: 0.8

vendor:sun microsystemsmodel:solarisscope:eqversion:9 (x86)

Trust: 0.8

vendor:microsoftmodel:iisscope:eqversion:4.0

Trust: 0.8

vendor:microsoftmodel:iisscope:eqversion:5.0

Trust: 0.8

vendor:microsoftmodel:iisscope:eqversion:5.1

Trust: 0.8

vendor:sunmodel:solarisscope:eqversion:8.0

Trust: 0.6

vendor:sunmodel:solaris 9 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:9

Trust: 0.3

vendor:sunmodel:solaris 8 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 8 sparcscope: - version: -

Trust: 0.3

vendor:sunmodel:solaris 10.0 x86scope: - version: -

Trust: 0.3

vendor:sunmodel:solarisscope:eqversion:10

Trust: 0.3

sources: CERT/CC: VU#867593 // BID: 15222 // JVNDB: JVNDB-2003-000018 // CNNVD: CNNVD-200511-012 // NVD: CVE-2005-3398

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-3398
value: MEDIUM

Trust: 1.0

CARNEGIE MELLON: VU#867593
value: 3.71

Trust: 0.8

NVD: CVE-2005-3398
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200511-012
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2005-3398
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: CERT/CC: VU#867593 // JVNDB: JVNDB-2003-000018 // CNNVD: CNNVD-200511-012 // NVD: CVE-2005-3398

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.8

sources: JVNDB: JVNDB-2003-000018 // NVD: CVE-2005-3398

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200511-012

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200511-012

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2003-000018

PATCH
title:In the news 03-01-24url:http://www.apacheweek.com/issues/03-01-24#news
Trust: 0.8
title:200171url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200171-1
Trust: 0.8
title:50603url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-50603-1
Trust: 0.8
title:102016url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102016-1
Trust: 0.8
title:50603url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-50603-3
Trust: 0.8
title:102016url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102016-3
Trust: 0.8
title:Top Pageurl:http://www.microsoft.com/ja/jp/default.aspx
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2003-000018

EXTERNAL IDS
db:NVDid:CVE-2005-3398
Trust: 2.7
db:BIDid:15222
Trust: 2.7
db:SECUNIAid:17334
Trust: 1.7
db:SECUNIAid:13090
Trust: 1.6
db:CERT/CCid:VU#867593
Trust: 1.6
db:SECTRACKid:1015112
Trust: 1.6
db:VUPENid:ADV-2005-2226
Trust: 1.6
db:CERT/CCid:VU#288308
Trust: 0.8
db:BIDid:9561
Trust: 0.8
db:JVNDBid:JVNDB-2003-000018
Trust: 0.8
db:US GOVERNMENTid:OVAL:ORG.MITRE.OVAL:DEF:1445
Trust: 0.6
db:SUNALERTid:102016
Trust: 0.6
db:CNNVDid:CNNVD-200511-012
Trust: 0.6
db:PACKETSTORMid:41017
Trust: 0.1
sources:
            
            
            CERT/CC: VU#867593 // 
            
            
            
            BID: 15222 // 
            
            
            
            JVNDB: JVNDB-2003-000018 // 
            
            
            
            PACKETSTORM: 41017 // 
            
            
            
            CNNVD: CNNVD-200511-012 // 
            
            
            
            NVD: CVE-2005-3398

REFERENCES
url:http://www.securityfocus.com/bid/15222
Trust: 2.4
url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102016-1
Trust: 2.0
url:http://securitytracker.com/id?1015112
Trust: 1.6
url:http://secunia.com/advisories/17334
Trust: 1.6
url:http://www.vupen.com/english/advisories/2005/2226
Trust: 1.0
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a1445
Trust: 1.0
url:http://www.ietf.org/rfc/rfc2616.txt
Trust: 0.8
url:http://www.cgisecurity.com/whitehat-mirror/wh-whitepaper_xst_ebook.pdf
Trust: 0.8
url:http://www.microsoft.com/technet/security/tools/urlscan.asp
Trust: 0.8
url:http://httpd.apache.org/docs/mod/mod_rewrite.html
Trust: 0.8
url:http://msdn.microsoft.com/workshop/author/dhtml/httponly_cookies.asp
Trust: 0.8
url:http://www.w3.org/dom/
Trust: 0.8
url:http://msdn.microsoft.com/library/default.asp?url=/workshop/author/dhtml/dhtml_node_entry.asp
Trust: 0.8
url:http://msdn.microsoft.com/workshop/author/dhtml/reference/properties/cookie.asp
Trust: 0.8
url:http://msdn.microsoft.com/library/default.asp?url=/library/en-us/xmlsdk/htm/xml_obj_ixmlhttprequest_8bp0.asp
Trust: 0.8
url:http://www.apacheweek.com/issues/03-01-24#news
Trust: 0.8
url:http://secunia.com/advisories/13090/
Trust: 0.8
url:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57670-1
Trust: 0.8
url:http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1
Trust: 0.8
url:http://www-1.ibm.com/support/docview.wss?&uid=swg21201202
Trust: 0.8
url:http://blogs.sun.com/meena/entry/disabling_trace_in_sun_java
Trust: 0.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2005-3398
Trust: 0.8
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2005-3398
Trust: 0.8
url:http://secunia.com/advisories/13090
Trust: 0.8
url:http://www.securityfocus.com/bid/9561
Trust: 0.8
url:http://www.kb.cert.org/vuls/id/288308
Trust: 0.8
url:http://www.kb.cert.org/vuls/id/867593
Trust: 0.8
url:http://www.frsirt.com/english/advisories/2005/2226
Trust: 0.6
url:http://oval.mitre.org/repository/data/getdef?id=oval:org.mitre.oval:def:1445
Trust: 0.6
url:http://secunia.com/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/about_secunia_advisories/
Trust: 0.1
url:http://secunia.com/product/4813/
Trust: 0.1
url:http://secunia.com/product/95/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/17334/
Trust: 0.1
url:http://secunia.com/product/94/
Trust: 0.1
sources:
            
            
            CERT/CC: VU#867593 // 
            
            
            
            BID: 15222 // 
            
            
            
            JVNDB: JVNDB-2003-000018 // 
            
            
            
            PACKETSTORM: 41017 // 
            
            
            
            CNNVD: CNNVD-200511-012 // 
            
            
            
            NVD: CVE-2005-3398

CREDITS
This issue was reported by Sun.
Trust: 0.9
sources:
            
            
            BID: 15222 // 
            
            
            
            CNNVD: CNNVD-200511-012

SOURCES
db:CERT/CCid:VU#867593
db:BIDid:15222
db:JVNDBid:JVNDB-2003-000018
db:PACKETSTORMid:41017
db:CNNVDid:CNNVD-200511-012
db:NVDid:CVE-2005-3398

LAST UPDATE DATE
2024-08-14T12:49:02.928000+00:00

SOURCES UPDATE DATE
db:CERT/CCid:VU#867593date:2009-08-17T00:00:00
db:BIDid:15222date:2007-06-13T20:09:00
db:JVNDBid:JVNDB-2003-000018date:2009-09-25T00:00:00
db:CNNVDid:CNNVD-200511-012date:2009-01-08T00:00:00
db:NVDid:CVE-2005-3398date:2018-10-30T16:25:37.090

SOURCES RELEASE DATE
db:CERT/CCid:VU#867593date:2003-01-24T00:00:00
db:BIDid:15222date:2005-10-26T00:00:00
db:JVNDBid:JVNDB-2003-000018date:2007-04-01T00:00:00
db:PACKETSTORMid:41017date:2005-10-28T19:44:24
db:CNNVDid:CNNVD-200511-012date:2005-11-01T00:00:00
db:NVDid:CVE-2005-3398date:2005-11-01T12:47:00