Lucene search
MitreCVE-2003-0105HistorySep 28, 2004 - 4:00 a.m.
CVE-2003-0105
2004-09-2804:00:00
mitre
web.nvd.nist.gov
37
servermask
obfuscate
etag
http
status message
iis
security vulnerability
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.005
Percentile
76.8%
ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server.
Affected configurations
Node
port80_softwareservermaskRangeβ€2.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| port80_software | servermask | * | cpe:2.3:a:port80_software:servermask:*:*:*:*:*:*:*:* |
Related
securityvulns
securityvulns
Corsaire Security Advisory - Port80 Software ServerMask inconsistencies
2004-08-11 00:00:00
packetstorm
packetstorm
Corsaire Security Advisory 2003-02-24.1
2004-08-10 00:00:00
cvelist
cvelist
CVE-2003-0105
2004-08-18 04:00:00
nvd
nvd
CVE-2003-0105
2004-09-28 04:00:00
pentestpartners
pentestpartners
Vulnerabilities that arenβt. ETag headers
2022-02-04 06:24:59
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.8
Confidence
Low
EPSS
0.005
Percentile
76.8%
Related for CVE-2003-0105