CVE-2005-3398 Information

Description

The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8 9 and 10 enables the HTTP TRACE method which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.

Reference

http://secunia.com/advisories/17334 http://securitytracker.com/id?1015112 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102016-1 http://www.securityfocus.com/bid/15222 http://www.vupen.com/english/advisories/2005/2226 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A1445