CVE-2010-0386

'The default configuration of Sun Java System Application Server 7 and 7 2004Q2 enables the HTTP TRACE method, which makes it easier for remote attackers to steal cookies and authentication credentials via a cross-site tracing (XST) attack, a related issue to CVE-2004-2763 and CVE-2005-3398.'

ClearCenter response

Short response

ClearOS does not run the Sun Java System Application Server and is not vulnerable to this attack.

Long response

This CVE does not affect ClearOS systems; only Sun Java System Application Server is susceptible to it. An audit report that lists this CVE as relevant to ClearOS indicates that the audit system was unable to properly identify the running OS or web services application.
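One way to triage such an audit finding from a single TRACE probe response, as an added example that is not ClearCenter's code or part of the original page. The marker header, the sample responses and the `affected_banner` parameter are constructed assumptions; supply the banner string your audit tool attributes to the affected product.

```python
import re

# Constructed marker header (hypothetical) sent with the TRACE probe.
PROBE_MARKER = "X-Trace-Probe: 7f3a"

# Constructed sample responses, embedded so the check runs offline.
ECHOED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleServer/1.0\r\n"
    "Content-Type: message/http\r\n"
    "\r\n"
    "TRACE / HTTP/1.1\r\n"
    "Host: server.example\r\n"
    "X-Trace-Probe: 7f3a\r\n"
    "\r\n"
)
REFUSED = (
    "HTTP/1.1 405 Method Not Allowed\r\n"
    "Server: ExampleServer/1.0\r\n"
    "Allow: GET, HEAD, POST\r\n"
    "\r\n"
)

def parse_response(raw):
    """Split a raw HTTP response into (status, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    m = re.match(r"HTTP/\d\.\d (\d{3})", lines[0])
    if not m:
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return int(m.group(1)), headers, body

def trace_enabled(raw, marker=PROBE_MARKER):
    """True only if the server answered 2xx and echoed the marker header back."""
    status, _headers, body = parse_response(raw)
    return 200 <= status < 300 and body.startswith("TRACE ") and marker in body

def triage(raw, affected_banner):
    """Classify an audit finding for this CVE from one TRACE probe response."""
    _status, headers, _body = parse_response(raw)
    is_product = affected_banner.lower() in headers.get("server", "").lower()
    if not trace_enabled(raw):
        return "false positive: TRACE not enabled"
    if not is_product:
        return "CVE not applicable: TRACE enabled on a different server"
    return "finding confirmed"
```

The `Server` header can be removed or altered by the operator, so treat the banner match as a hint and confirm the installed software on the host itself.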

Resolution

No action required.

content/en_us/announcements_cve_cve-2010-0386.txt · Last modified: 2014/12/22 18:04 by dloper