exploitDog

CVE-2003-1306

Опубликовано: 31 дек. 2003

Источник: nvd

CVSS2: 2.6

EPSS Низкий

Описание

Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.

Ссылки

http://archives.neohapsis.com/archives/sf/www-mobile/2003-q3/0021.html
Exploit
http://secunia.com/advisories/9194
Vendor Advisory
http://www.osvdb.org/29370
Exploit
http://archives.neohapsis.com/archives/sf/www-mobile/2003-q3/0021.html
Exploit
http://secunia.com/advisories/9194
Vendor Advisory
http://www.osvdb.org/29370
Exploit

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:microsoft:urlscan:2.5:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.00462

Низкий

2.6 Low

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-24rh-3pgw-777c

github

больше 3 лет назад

Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.

EPSS

Процентиль: 64%

0.00462

Низкий

2.6 Low

CVSS2

Дефекты

NVD-CWE-Other