Vulnerability Description
ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server.
CVSS Score
5.0
MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Port80 Software | Servermask | <= 2.2 |
References
- http://marc.info/?l=bugtraq&m=109215441332682&w=2
- http://www.corsaire.com/advisories/c030224-001.txtVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16947
- http://marc.info/?l=bugtraq&m=109215441332682&w=2
- http://www.corsaire.com/advisories/c030224-001.txtVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16947
FAQ
What is CVE-2003-0105?
CVE-2003-0105 is a vulnerability with a CVSS score of 5.0 (MEDIUM). ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server.
How severe is CVE-2003-0105?
CVE-2003-0105 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-0105?
Check the references section above for vendor advisories and patch information. Affected products include: Port80 Software Servermask.