Vulnerability Name:

CVE-2005-3398 (CCN-22895)

Assigned:2005-10-26
Published:2005-10-26
Updated:2018-10-30
Summary:The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): None
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.6 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.1 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:F/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): None
Availibility (A): None
Vulnerability Type:CWE-200
Vulnerability Consequences:Obtain Information
References:Source: MITRE
Type: CNA
CVE-2005-3398

Source: CCN
Type: SA17334
Sun Solaris HTTP TRACE Response Cross-Site Scripting Issue

Source: SECUNIA
Type: UNKNOWN
17334

Source: CCN
Type: SECTRACK ID: 1015112
Solaris Management Console Enables HTTP TRACE Support By Default

Source: SECTRACK
Type: Patch
1015112

Source: CCN
Type: Sun Alert ID: 102016
The Solaris Management Console (SMC) Enables TRACE HTTP by Default

Source: SUNALERT
Type: Patch, Vendor Advisory
102016

Source: BID
Type: UNKNOWN
15222

Source: CCN
Type: BID-15222
Sun Solaris Management Console HTTP TRACE Information Disclosure Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2005-2226

Source: XF
Type: UNKNOWN
solaris-smc-http-trace-obtain-information(22895)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:1445

Source: CCN
Type: Rapid7 Web site
HTTP Options Detection

Source: CCN
Type: Rapid7 Vulnerability and Exploit Database [05-30-2018]
HTTP Options Detection

Vulnerable Configuration:Configuration 1:
  • cpe:/o:sun:solaris:9.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10.0:*:sparc:*:*:*:*:*
  • OR cpe:/o:sun:sunos:5.8:*:*:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/o:sun:solaris:8::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:8::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::sparc:*:*:*:*:*
  • OR cpe:/o:sun:solaris:10::x86:*:*:*:*:*
  • OR cpe:/o:sun:solaris:9::sparc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.mitre.oval:def:1445
    V
    		SMC TRACE HTTP Vulnerability
    2006-02-22
    BACK
    sun solaris 9.0
    sun solaris 10.0
    sun sunos 5.8
    sun solaris 8
    sun solaris 8
    sun solaris 9
    sun solaris 10
    sun solaris 10
    sun solaris 9