Vulnerability 17961 - CERT Civis.Net

Vulnerability Name:	CCN-17961
Published:	2005-02-08
Updated:	2005-02-08
Summary:	The Apache HTTP Server could allow a remote attacker to obtain sensitive information. Apache HTTP Server uses a configuration directive called ServerTokens to control what information the server discloses about itself in the HTTP header lines of the banner in a response to a query. The information disclosed includes the operating system and the software version numbers running on the server. ServerTokens has not been set, which could allow an attacker to examine the banner and obtain sensitive information, which the attacker could use to launch further attacks.
CVSS v3 Severity:
CVSS v2 Severity:
Vulnerability Consequences:	Obtain Information
References:	Source: CCN Type: Federal Office for Information Security Web site S 4.194 Secure basic configuration of an Apache web server Source: XF Type: UNKNOWN apache-server-token-not-set(17961)
Vulnerable Configuration:	*Configuration CCN 1:* cpe:/a:apache:http_server:::::::: AND cpe:/o:ibm:aix:::::::: OR cpe:/o:sgi:irix:::::::: OR cpe:/a:accelatech:bizsearch:3.2:-::::linux_kernel::* OR cpe:/o:sun:solaris:::::::: OR cpe:/o:microsoft:windows_95:::::::: OR cpe:/o:microsoft:windows_nt:4.0:::::::* OR cpe:/o:microsoft:windows_98:::::::: OR cpe:/o:microsoft:windows_98se:::::::: OR cpe:/o:microsoft:windows_2000:::::::: OR cpe:/o:microsoft:windows_me:::::::: OR cpe:/o:compaq:tru64:::::::: OR cpe:/o:microsoft:windows:xp:::::::* OR cpe:/o:microsoft:windows_2003_server:::::::: Denotes that component is vulnerable
BACK

CCN-17961