ServerMask 2.2 and earlier reveals IIS server identity in HTTP responses

ServerMask 2.2 and earlier reveals IIS server identity in HTTP responses

CVE-2003-0105 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server.

Learn more about our Cis Benchmark Audit For Microsoft Iis.