CVE-2003-0105

ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server.

Published: Sep 28, 2004
Updated: Apr 13, 2023
CVE: CVE-2003-0105
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
port80_software / servermask	-	2.2.x

http://marc.info/?l=bugtraq&m=109215441332682&w=2
http://www.corsaire.com/advisories/c030224-001.txt
https://exchange.xforce.ibmcloud.com/vulnerabilities/16947

Vulnerability Database

290,476

CVE-2003-0105