CVE-2010-0386

8.1 HIGH

The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for r...

Published: 2010-01-25 · Last updated: 2026-05-28

Severity and scoring

CVSS: 8.1 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
CWE: CWE-16, CWE-160

Affected products

Vendor	Product
sun	java_system_application_server

Description

The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.

Source: NVD

References

[NVD]https://nvd.nist.gov/vuln/detail/CVE-2010-0386
[Vendor advisory]http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1
[Vendor advisory]http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1

Related CVEs

Same vendor

CVE-1999-0517 — An SNMP community name is the default (e.g (5.9 MEDIUM)