Unrated severityNVD Advisory· Published Nov 1, 2005· Updated Apr 16, 2026

CVE-2005-3398

Description

The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.

Affected products

Sun Corporation/Solaris2 versions
cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*+ 1 more
- cpe:2.3:o:sun:solaris:10.0:*:sparc:*:*:*:*:*
- cpe:2.3:o:sun:solaris:9.0:*:sparc:*:*:*:*:*
Sun Corporation/Sunos
cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

securitytracker.com/idnvdPatch
sunsolve.sun.com/search/document.donvdPatchVendor Advisory
secunia.com/advisories/17334nvd
www.securityfocus.com/bid/15222nvd
www.vupen.com/english/advisories/2005/2226nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1445nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.032
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000