CVE-2005-3398

high

Description

The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1445

http://www.vupen.com/english/advisories/2005/2226

http://www.securityfocus.com/bid/15222

http://sunsolve.sun.com/search/document.do?assetkey=1-26-102016-1

http://securitytracker.com/id?1015112

http://secunia.com/advisories/17334

Details

Source: Mitre, NVD

Published: 2005-11-01

Updated: 2025-04-03

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

EPSS

EPSS: 0.39542