Insightful &
Helpful Articles

Here is what we're working on and
thinking at Hedgehog security.

Age in Days
CVSS Score
Patch within next
Risk Level



180 Days



This vulnerability is 15 years 3 months and 12 days old and there are presently no exploits available for the it. The vulnerability itself is over a year old, and while there are presently no publicly known exploits available for it, the vulnerability should be patched within the next three months.



The remote web server is running Microsoft IIS.


Vulnerability Description

The Patch level (Service Pack) of the remote IIS server appears to be lower than the current IIS service pack level. As each service pack typically contains many security patches, the server may be at risk.

This test makes assumptions of the remote patch level based on static return values (Content-Length) within a IIS Server's 404 error message. As such, the test can not be totally reliable and should be manually confirmed.  Note also that, to determine IIS6 patch levels, a simple test is done based on strict RFC 2616 compliance. It appears as if IIS6-SP1 will accept CR as an end-of-line marker instead of both CR and LF.



Ensure that the server is running the latest stable Service Pack.


Further Information

There is no further information available at this time.


CVE References



Get in touch

Should you have any questions regarding this or any security matter, please do not hesitate to get in touch by emailing the Hedgehog Cyber Operations Team.

Whilst every effort is made to ensure the accuracy and robustness of any information presented, it is not possible for Hedgehog Cyber to test every possible scenario an organisation may face, and Hedgehog Cyber cannot be held liable for any loss or damage which may arise from taking action on any of the contents provided. Hedgehog Cyber strongly advises that all recommendations, solutions and detection methods detailed, are thoroughly reviewed and tested in non-production environments before being considered suitable for production release, in-line with any existing internal change control procedures.