CVE-2003-0105

Published Sep 28, 2004

Last updated 7 years ago

Overview

Description: ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:port80_software:servermask:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "563FA27F-F5EA-475E-B774-98205B0D8397",
            "versionEndIncluding": "2.2"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References