BSA-2016-012
21620
21 December 2018
24 October 2016
Closed
Low
4.9
N/A
CVE-2004-2320
Summary
Security Advisory ID: BSA-2016-012
Component: BEA WebLogic
Revision: 2.0: Final
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
Statement
The Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required.
For more information please see:
http://www.apacheweek.com/issues/03-01-24#news
No Brocade Fibre Channel technology products from Broadcom are currently known to be affected by this vulnerability.
Version | Change | Date |
---|---|---|
1.0 | Initial Publication | Oct 24, 2016 |
2.0 | Updated to cover Fibre Channel Only | Dec 21, 2018 |
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.