No CVEs are associated with this vulnerability.
Director is vulnerable to reflected (non-persistent) cross site scripting attacks. User provided data is not validated or sanitized prior to returning it in response to an HTTP TRACE method issued from the client.
The attacker cannot use this vulnerability to steal the administrator's cookies and impersonate the administrator on another machine. The attacker can use this vulnerability to execute malicious script on the client machine.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)