WebLogic Server and Express HTTP TRACE Credential Theft Vulnerability

WebLogic Server and Express may be prone to a vulnerability that may allow a remote attacker to steal sensitive information such as cookie-based authentication credentials. The issue occurs because WebLogic Server responds to the HTTP TRACE request by default.

Successful exploits may allow an attacker to compromise user accounts by gaining access to sensitive header information. This issue may be combined with other attacks such as cross-site scripting to steal cookie-based authentication credentials.


Copyright 2010, SecurityFocus