kjkoster
04-12-2008, 19:48
Dear All,
I received an update notification from SecurityFocus regarding CVE-2004-2320: BEA WebLogic Server and Express responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2320). Fixes are available.
No idea what actually changed, so I'll let you guys decide for yourselves. Here is the updated SecurityFocus page (http://www.securityfocus.com/bid/9506/info).
Kees jan
I received an update notification from SecurityFocus regarding CVE-2004-2320: BEA WebLogic Server and Express responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2320). Fixes are available.
No idea what actually changed, so I'll let you guys decide for yourselves. Here is the updated SecurityFocus page (http://www.securityfocus.com/bid/9506/info).
Kees jan