FKIE_CVE-2004-2320

Vulnerability from fkie_nvd - Published: 2004-12-31 05:00 - Updated: 2026-05-28 19:16
Severity
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting.
References
cve@mitre.orghttp://dev2dev.bea.com/pub/advisory/68Patch, Vendor Advisory
cve@mitre.orghttp://secunia.com/advisories/10726Vendor Advisory
cve@mitre.orghttp://www.kb.cert.org/vuls/id/867593Third Party Advisory, US Government Resource
cve@mitre.orghttp://www.osvdb.org/3726
cve@mitre.orghttp://www.securityfocus.com/bid/9506Patch
cve@mitre.orghttp://www.securitytracker.com/alerts/2004/Jan/1008866.htmlPatch
cve@mitre.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/14959
af854a3a-2127-422b-91ae-364da2661108http://dev2dev.bea.com/pub/advisory/68Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/10726Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/867593Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.osvdb.org/3726
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/9506Patch
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/alerts/2004/Jan/1008866.htmlPatch
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/14959
Impacted products
Vendor Product Version
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 5.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 6.1
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 7.0
bea weblogic_server 8.1
bea weblogic_server 8.1
bea weblogic_server 8.1
bea weblogic_server 8.1
bea weblogic_server 8.1
bea weblogic_server 8.1
bea weblogic_server 8.1
bea weblogic_server 8.1
bea weblogic_server 8.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:*:express:*:*:*:*:*",
              "matchCriteriaId": "A8F69E7A-8BBB-4D20-AEE9-F37155AD5C3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:*:win32:*:*:*:*:*",
              "matchCriteriaId": "F119CDFF-214B-42E3-AF10-D8172D4A18E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "2B393A66-08A6-4EBA-B01E-BB6418423F79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp1:express:*:*:*:*:*",
              "matchCriteriaId": "0FAB4F19-EFE0-4860-B9E9-E3938A36AE17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp1:win32:*:*:*:*:*",
              "matchCriteriaId": "56955D93-989A-4746-A3FC-1C99A749FAAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp10:*:*:*:*:*:*",
              "matchCriteriaId": "B2B4C4E8-2862-457F-BDCC-3F54B8F7AADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp10:express:*:*:*:*:*",
              "matchCriteriaId": "16324B74-4143-473D-858F-B5B1899822B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp10:win32:*:*:*:*:*",
              "matchCriteriaId": "6ABD1B84-730D-479B-BB39-98C7D5C2373D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp11:*:*:*:*:*:*",
              "matchCriteriaId": "47974FFB-1B28-492B-9A83-78AF16CF62CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp11:express:*:*:*:*:*",
              "matchCriteriaId": "DFA4200B-3877-4FC9-B2AB-E51675CAD71F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp11:win32:*:*:*:*:*",
              "matchCriteriaId": "9787A30B-B85C-4434-AE28-03F5B5C8DEBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp12:*:*:*:*:*:*",
              "matchCriteriaId": "6F27425D-1754-44AE-A4B5-F27D5FA6A052",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp12:express:*:*:*:*:*",
              "matchCriteriaId": "B1C2B98A-EF68-4569-B50C-8F21D2298435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp12:win32:*:*:*:*:*",
              "matchCriteriaId": "F80AE1DC-B4B6-4E8C-A199-BFF64B0563F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp13:*:*:*:*:*:*",
              "matchCriteriaId": "034C62E6-3598-4D66-A0BD-8BD2E67048C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp13:express:*:*:*:*:*",
              "matchCriteriaId": "7D5A058C-D9DD-4B78-815E-40E27EC1C6BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp13:win32:*:*:*:*:*",
              "matchCriteriaId": "73589C92-14F1-494E-B264-A632A03DFCCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "99D0A3A8-1444-4DA4-AEF3-08578482574C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp2:express:*:*:*:*:*",
              "matchCriteriaId": "8B0B183B-95A3-463D-B76B-50640F554013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp2:win32:*:*:*:*:*",
              "matchCriteriaId": "FD3C09F5-6E4A-43C4-8AEB-7DBBDE9DCC33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "523836A4-0110-4CD3-A81E-988A02AEA68C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp3:express:*:*:*:*:*",
              "matchCriteriaId": "36A0EFDA-409E-44F0-9F8B-167A72D2361B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp3:win32:*:*:*:*:*",
              "matchCriteriaId": "8ACD6465-6904-4F6B-92F0-02078D0B41BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "A705EB67-3961-445F-8023-F82C7618BE2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp4:express:*:*:*:*:*",
              "matchCriteriaId": "51A8AB95-FB23-4A7A-A6F5-EF442EAABD26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp4:win32:*:*:*:*:*",
              "matchCriteriaId": "BDF43AB2-1778-4B6D-B766-FF71DBE3C0A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "BD698DD8-5491-4A73-A527-8C9228992A2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp5:express:*:*:*:*:*",
              "matchCriteriaId": "5F00947F-1804-41D5-8F2B-7E48C77B1306",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp5:win32:*:*:*:*:*",
              "matchCriteriaId": "13C06026-2AC9-4419-A7B8-9F0ECDD8DBD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "86C4679F-F13F-4A97-AE42-BC54BD0F149C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp6:express:*:*:*:*:*",
              "matchCriteriaId": "114E5E3E-84B2-4DD3-98FC-2ABFFA41BAD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp6:win32:*:*:*:*:*",
              "matchCriteriaId": "883ABAC3-3D2D-4D1A-8125-96A7CC0CE93D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp7:*:*:*:*:*:*",
              "matchCriteriaId": "EF96A26E-7284-43A0-BD6A-907E1029197D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp7:express:*:*:*:*:*",
              "matchCriteriaId": "9B6656CF-65ED-4F8E-B9F2-75A9DC1571D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp7:win32:*:*:*:*:*",
              "matchCriteriaId": "0DDF3D79-F7B0-4FB2-B22C-B432BDC24B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp8:*:*:*:*:*:*",
              "matchCriteriaId": "C8479B6C-464F-41BC-BF81-31EA74CEF4D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp8:express:*:*:*:*:*",
              "matchCriteriaId": "7C013AE2-4B06-437A-815F-FAADD28CFA85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp8:win32:*:*:*:*:*",
              "matchCriteriaId": "F13D9A20-173F-46AB-8473-E69F6D617112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp9:*:*:*:*:*:*",
              "matchCriteriaId": "B08241CF-0F3D-44E2-8D72-4F98413933EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp9:express:*:*:*:*:*",
              "matchCriteriaId": "D7306C09-BFBA-4DC0-8EA1-E5A5C0BC080F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:5.1:sp9:win32:*:*:*:*:*",
              "matchCriteriaId": "BC28783D-34C6-49B7-A02F-059DED18E71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDCF6AE-43DC-4AE5-9260-CA657F40BE77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:*:express:*:*:*:*:*",
              "matchCriteriaId": "05AFBE78-C611-4EA2-8B00-5F8B61696CBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:*:win32:*:*:*:*:*",
              "matchCriteriaId": "AC5439C1-D06F-44C6-94F5-2BD8598A506C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "5DFE26B3-31F2-4FC0-854D-56EA4D08C28A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp1:express:*:*:*:*:*",
              "matchCriteriaId": "C3B7752C-B297-480A-B3FC-948EA081670C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp1:win32:*:*:*:*:*",
              "matchCriteriaId": "E40C38EC-ECA4-4F0C-8468-16191CDB9997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "63017BF8-D681-45EC-9C31-09D029F1126D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp2:express:*:*:*:*:*",
              "matchCriteriaId": "71892EC0-E6B1-4214-AC53-06489F711829",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp2:win32:*:*:*:*:*",
              "matchCriteriaId": "C4FD8871-680E-40F9-85AB-417B5195D4BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "8E0B1791-974A-4967-8CF9-33BE8183200B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp3:express:*:*:*:*:*",
              "matchCriteriaId": "696F52AE-FEB9-4090-872E-FDFD969F5604",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp3:win32:*:*:*:*:*",
              "matchCriteriaId": "2B4BC3F5-BFE8-4834-B427-B6260D5B7A85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "7B12A8B1-F78E-46B3-8872-4C6484345477",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp4:express:*:*:*:*:*",
              "matchCriteriaId": "DCED03B6-7565-4F53-8D85-F3391BF66988",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp4:win32:*:*:*:*:*",
              "matchCriteriaId": "D2FE768F-363B-49BC-8410-739B164FB32E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp5:*:*:*:*:*:*",
              "matchCriteriaId": "CB2FB0E9-3812-49C5-94F4-3B39D5BE2EED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp5:express:*:*:*:*:*",
              "matchCriteriaId": "B70F0353-635F-465B-A7E5-AF2D017AB008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp5:win32:*:*:*:*:*",
              "matchCriteriaId": "D3DA28D0-18CC-4F99-AABB-EC7863CBD455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp6:*:*:*:*:*:*",
              "matchCriteriaId": "6B091903-943F-4822-9F24-9D109B2D76A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:6.1:sp6:win32:*:*:*:*:*",
              "matchCriteriaId": "CE1D6EE4-8545-4D0A-A50B-C8009F054DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9C5AFCF-79D8-4005-B800-B0C6BD461276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:express:*:*:*:*:*",
              "matchCriteriaId": "FBDF3AC0-0680-4EEE-898C-47D194667BE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:*:win32:*:*:*:*:*",
              "matchCriteriaId": "8DEDDAF2-555D-4425-B4B6-65B1E9C21FF1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6828CE4B-91E8-4688-977F-DC7BC21131C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:express:*:*:*:*:*",
              "matchCriteriaId": "BBDB9094-78E8-4CBF-9F5F-321D5174F1EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp1:win32:*:*:*:*:*",
              "matchCriteriaId": "9CD2BB36-AC0B-48E9-91E1-A4465896E87A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "E141AA86-C6D0-4FA8-9268-0FB0635DF9CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:express:*:*:*:*:*",
              "matchCriteriaId": "6FB8930F-C6D8-40B9-8D08-751F5B47229B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp2:win32:*:*:*:*:*",
              "matchCriteriaId": "A5C59B80-279B-45B3-9CC1-5A263681025B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "893D9D88-43C4-4F9F-A364-0585DE6FA9E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:express:*:*:*:*:*",
              "matchCriteriaId": "D59F9859-7344-43F0-9348-E57FABB9E431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp3:win32:*:*:*:*:*",
              "matchCriteriaId": "D2D05BAB-AB3B-466E-8301-01A41644DE77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:*:*:*:*:*:*",
              "matchCriteriaId": "D34E2925-DE2A-437F-B349-BD7103F4C37E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:express:*:*:*:*:*",
              "matchCriteriaId": "0A4EC87D-EF83-48C5-B516-A6A482D9F525",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:7.0:sp4:win32:*:*:*:*:*",
              "matchCriteriaId": "935F28E3-9799-4EF6-AB83-62E9C214DD0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D4CEA-9ACC-4869-BC87-3524A059914F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:express:*:*:*:*:*",
              "matchCriteriaId": "ADED8968-EA9C-4F0E-AD2F-BC834F4D8A58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:*:win32:*:*:*:*:*",
              "matchCriteriaId": "A3DFE048-905E-4890-809D-F6BCEF7F83C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "6F5B2A06-CE19-4A57-9566-09FC1E259CDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:express:*:*:*:*:*",
              "matchCriteriaId": "F7560131-A6AC-4BBB-AA2D-C7C63AB51226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp1:win32:*:*:*:*:*",
              "matchCriteriaId": "349036A0-B5E2-4656-8D2D-26BEE9EF9DFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "D18E22CC-A0FC-4BC7-AD39-2645F57486C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:express:*:*:*:*:*",
              "matchCriteriaId": "893C2387-03E3-4F8E-9029-BC64C64239EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:bea:weblogic_server:8.1:sp2:win32:*:*:*:*:*",
              "matchCriteriaId": "D00633D1-4B38-48D9-B5CD-E8D66EA90599",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting."
    }
  ],
  "id": "CVE-2004-2320",
  "lastModified": "2026-05-28T19:16:21.473",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2004-12-31T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://dev2dev.bea.com/pub/advisory/68"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/10726"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/867593"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/3726"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/9506"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securitytracker.com/alerts/2004/Jan/1008866.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14959"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://dev2dev.bea.com/pub/advisory/68"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/10726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/867593"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/3726"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securityfocus.com/bid/9506"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.securitytracker.com/alerts/2004/Jan/1008866.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/14959"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vendorComments": [
    {
      "comment": "The Apache Software Foundation do not treat this as a security issue. A configuration change can be made to disable the ability to respond to HTTP TRACE requests if required.\n\nFor more information please see:\nhttp://www.apacheweek.com/issues/03-01-24#news",
      "lastModified": "2008-03-05T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.