Unrated severityNVD Advisory· Published Jun 1, 2009· Updated Apr 23, 2026

CVE-2004-2763

Description

The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 through SP12 and 6.0 SP1 through SP5 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.

Affected products

Sun Corporation/Iplanet Web Server29 versions
cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:*:*:*:*:*:*+ 28 more
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp10:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp11:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp12:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp1:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp2:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp3:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp4:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp5:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp6:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp7:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp8:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:4.1:sp9:enterprise:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:6.0:sp1:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:6.0:sp2:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:6.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:6.0:sp4:*:*:*:*:*:*
- cpe:2.3:a:sun:iplanet_web_server:6.0:sp5:*:*:*:*:*:*
Sun Corporation/One Web Server18 versions
cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*+ 17 more
- cpe:2.3:a:sun:one_web_server:4.1:*:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp10:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp11:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp12:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp2:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp3:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp4:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp5:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp6:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp7:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp8:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:4.1:sp9:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:6.0:sp3:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:6.0:sp4:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:6.0:sp5:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:6.1:sp1:*:*:*:*:*:*
- cpe:2.3:a:sun:one_web_server:6.1:sp2:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdfnvdExploit
www.kb.cert.org/vuls/id/867593nvdUS Government Resource
archive.cert.uni-stuttgart.de/uniras/2004/02/msg00007.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000