This vulnerability is 15 years 3 months and 12 days old and there are presently no exploits available for the it. The vulnerability itself is over a year old, and while there are presently no publicly known exploits available for it, the vulnerability should be patched within the next three months.
SynopsisThe remote web server is running Microsoft IIS.
Vulnerability DescriptionThe Patch level (Service Pack) of the remote IIS server appears to be lower than the current IIS service pack level. As each service pack typically contains many security patches, the server may be at risk.
This test makes assumptions of the remote patch level based on static return values (Content-Length) within a IIS Server's 404 error message. As such, the test can not be totally reliable and should be manually confirmed. Note also that, to determine IIS6 patch levels, a simple test is done based on strict RFC 2616 compliance. It appears as if IIS6-SP1 will accept CR as an end-of-line marker instead of both CR and LF.
SolutionEnsure that the server is running the latest stable Service Pack.
Further InformationThere is no further information available at this time.
CVE ReferencesN/A NIST | MITRE | CVEDetails
Get in touch
Should you have any questions regarding this or any security matter, please do not hesitate to get in touch by emailing the Hedgehog Cyber Operations Team.
Whilst every effort is made to ensure the accuracy and robustness of any information presented, it is not possible for Hedgehog Cyber to test every possible scenario an organisation may face, and Hedgehog Cyber cannot be held liable for any loss or damage which may arise from taking action on any of the contents provided. Hedgehog Cyber strongly advises that all recommendations, solutions and detection methods detailed, are thoroughly reviewed and tested in non-production environments before being considered suitable for production release, in-line with any existing internal change control procedures.