Vulnerabilities found: HTTP TRACE / TRACK Methods, Multiple Cross-Site Scripting and Jetty Information Disclosure (4252829)

Chatee ahora con Soporte

Regresar

Comentarios enviados

¿Este artículo solucionó su problema?

Seleccionar calificación

Título

Vulnerabilities found: HTTP TRACE / TRACK Methods, Multiple Cross-Site Scripting and Jetty Information Disclosure
Descripción
When running a vulnerability scan the following vulnerabilities appear:
- HTTP TRACE / TRACK Methods Enabled
  CVE ID: CVE-2004-2320, CVE-2010-0386, CVE-2003-1567
  Vendor Reference: Bugtraq ID: 9506
- Multiple Cross-Site Scripting Vulnerabilities
  CVE ID: n/a
  Vendor Reference: Bugtraq ID: n/a
- Jetty Information Disclosure Vulnerability (JetLeak)
  CVE ID: CVE-2015-2080
  Vendor Reference: Jetty Advisory Bugtraq ID: 72768
Resolución

WORKAROUND:
Upgrade the Foglight server to version 5.9.5 / 5.9.6 once the version is available
Contact Quest support to get a hotfix if it is needed before the 5.9.5 release
STATUS:
HTTP TRACE / TRACK Methods Enabled and Jetty Information Disclosure Vulnerability will be fixed in Foglight version 5.9.5
Multiple Cross-Site Scripting Vulnerabilities will be fixed in Foglight version 5.9.6
ID de defecto

FAM-7529, FAM-7539

Comentarios enviados

¿Este artículo solucionó su problema?

Seleccionar calificación

Contenido recomendado

Historial del artículo:: Creado el: 7/12/2019
Última actualización: 5/7/2023

Título