Apache

Notified:  January 09, 2003 Updated: January 10, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

BEA Systems Inc.

Updated:  February 24, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

IBM Corporation

Updated:  February 22, 2008

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Please see http://www-1.ibm.com/support/docview.wss?&uid=swg21201202.

Lotus Software

Updated:  February 22, 2008

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

Please see http://www-1.ibm.com/support/docview.wss?&uid=swg21201202.

Microsoft Corporation

Notified:  January 09, 2003 Updated: January 23, 2003

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Oracle Corporation

Updated:  February 24, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Roxen Internet Software AB

Updated:  February 24, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Sun Microsystems, Inc.

Notified:  January 09, 2003 Updated: August 17, 2009

Statement Date:   February 19, 2003

Status

  Vulnerable

Vendor Statement

The iPlanet Web Server 4.1 and Sun ONE Web Server 6.0 both have HTTP TRACE enabled by default. For details of how to disable HTTP TRACE support, see the following Sun Alert: http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/50603

Vendor Information

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200171-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1 http://blogs.sun.com/meena/entry/disabling_trace_in_sun_java

Vendor References

http://sunsolve.sun.com/search/document.do?assetkey=1-66-200171-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200942-1 http://blogs.sun.com/meena/entry/disabling_trace_in_sun_java

thttpd

Updated:  February 24, 2003

Status

  Unknown

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.