CVE-2004-2320 Information

Description

The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier 7.0 SP4 and earlier 6.1 through SP6 and 5.1 through SP13 responds to the HTTP TRACE request which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

Reference

http://dev2dev.bea.com/pub/advisory/68 http://secunia.com/advisories/10726 http://www.kb.cert.org/vuls/id/867593 http://www.osvdb.org/3726 http://www.securityfocus.com/bid/9506 http://www.securitytracker.com/alerts/2004/Jan/1008866.html https://exchange.xforce.ibmcloud.com/vulnerabilities/14959