• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Sun ONE/iPlanet Web Server HTTP TRACE Credential Theft Vulnerability

Sun ONE/iPlanet Web Server is prone to a credentials-theft vulnerability that that may allow a remote attacker to steal sensitive information such as cookie-based authentication credentials. The issue occurs because ONE/iPlanet Web Server responds to the HTTP TRACE request by default.

Successful exploits may allow the attacker to compromise user accounts by gaining access to sensitive header information. This issue may be combined with other attacks such as cross-site scripting to steal cookie-based authentication credentials.