Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1306

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2003-1306
Last Modified 05 Sep 2008 04:36:35
Published 31 Dec 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2003-1306

Summary

Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.

Vulnerable Systems


References

OSVDB - 29370

SECUNIA - 9194

MLIST - [WWW-Mobile-Code] 20030706 can - IIS Version Disclosure


Last Updated: 27 May 2016 10:38:18