Back to search
CVE-2003-1306
Published: Oct 9, 2006
Modified: Sep 17, 2024
PUBLISHED
Description
Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
29370
vdb-entry
x_refsource_OSVDB
9194
third-party-advisory
x_refsource_SECUNIA
[WWW-Mobile-Code] 20030706 can - IIS Version Disclosure
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now