- Description
- ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server.
- Source
- cve@mitre.org
- NVD status
- Deferred
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:port80_software:servermask:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "563FA27F-F5EA-475E-B774-98205B0D8397",
"versionEndIncluding": "2.2"
}
],
"operator": "OR"
}
]
}
]