CVE-2004-2320 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2004-2320 Interim 1 4 2025-11-05T06:33:22Z current 2021-05-30T12:31:26Z 2025-11-05T06:33:22Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2004-2320 The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are vulnerable to cross-site scripting. CVE-2004-2320 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N