CGI abuses : WebSTAR Statistical information disclosure

Vulnerability Search		Search 324607 CVE descriptions and 145615 test descriptions, access 10,000+ cross references.
	Tests CVE All

Test ID: 1.3.6.1.4.1.25623.1.0.55625

Category: CGI abuses

Title: WebSTAR Statistical information disclosure

Summary: NOSUMMARY

Description: Description:

The server appears to be a WebSTAR server responding to
URL requests containing the string M_A_C_H_T_T_P_V_E_R_S_I_O_N
This gives out sensitive information regarding the configuration
of the system, how busy it is, and how long it has been running.

In addition, these requests do not show up in any logs, allowing
an attacker to use this for denial of service requests.

Solution: Upgrade to a later version.
http://mail-archives.apache.org/mod_mbox/httpd-dev/199607.mbox/%3C199607132341.SAA06955@sierra.zyzzyva.com%3E

Risk factor : Medium

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit.
To run a free test of this vulnerability against your system, register below.

Test ID:	1.3.6.1.4.1.25623.1.0.55625
Category:	CGI abuses
Title:	WebSTAR Statistical information disclosure
Summary:	NOSUMMARY
Description:	Description: The server appears to be a WebSTAR server responding to URL requests containing the string M_A_C_H_T_T_P_V_E_R_S_I_O_N This gives out sensitive information regarding the configuration of the system, how busy it is, and how long it has been running. In addition, these requests do not show up in any logs, allowing an attacker to use this for denial of service requests. Solution: Upgrade to a later version. http://mail-archives.apache.org/mod_mbox/httpd-dev/199607.mbox/%3C199607132341.SAA06955@sierra.zyzzyva.com%3E Risk factor : Medium
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com