Sun Solaris Management Console HTTP TRACE Information Disclosure Vulnerability

Sun Solaris Management Console is prone to an information-disclosure vulnerability.

The issue presents itself because the server responds to the HTTP TRACE request by default.

With HTTP TRACE functionality enabled by default, an attacker can compromise user accounts by gaining access to sensitive header information. The attacker may exploit this issue along with other attacks, such as cross-site scripting, to steal cookie-based authentication credentials.
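The following check is an added example, not part of the original advisory or any Sun tooling: it sends a TRACE request carrying a random marker in a Cookie header and reports whether the server reflects it back, which is the behaviour the advisory describes. The function names, the marker cookie and the sample responses are assumptions made for illustration; run it only against hosts you administer.

```python
import http.client
import uuid


def classify_trace_response(status, content_type, body, marker):
    """Interpret the reply to a TRACE probe that carried `marker` in a header."""
    is_echo_type = (content_type or "").lower().startswith("message/http")
    if status == 200 and marker.encode() in body:
        return "enabled"                   # request headers (cookie included) reflected
    if status == 200 and is_echo_type:
        return "enabled-headers-stripped"  # TRACE answered, probe header not echoed
    if status in (403, 405, 501):
        return "disabled"                  # method refused or not implemented
    return "inconclusive"                  # e.g. a proxy or error page answered


def probe(host, port, use_tls=False, timeout=5):
    """Send one TRACE request to a host you administer and classify the reply."""
    marker = uuid.uuid4().hex              # random value, so an echo is unambiguous
    cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request("TRACE", "/", headers={"Cookie": "probe=" + marker})
        resp = conn.getresponse()
        return classify_trace_response(
            resp.status, resp.getheader("Content-Type"), resp.read(65536), marker
        )
    finally:
        conn.close()


if __name__ == "__main__":
    # Constructed sample replies (not captured from a real server).
    echoed = b"TRACE / HTTP/1.1\r\nHost: smc.example\r\nCookie: probe=abc123\r\n\r\n"
    print(classify_trace_response(200, "message/http", echoed, "abc123"))
    print(classify_trace_response(405, "text/html", b"Method Not Allowed", "abc123"))
```

A result of "enabled" means header values sent by a browser would be readable in the response body; the remediation is to disable or reject the TRACE method on the server and re-run the check until it reports "disabled".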


 

Copyright 2010, SecurityFocus