Test Methods (Detailed Overview)

Here is a list of every test performed by Web Scan Service.

IIS Remote Server Name Spoof

Remediation Task

Upgrade Version

WASC Classification

Client-side Attacks: Content Spoofing

Affected Products

Microsoft IIS 6.0 and prior

Technical Description

It is possible to remotely spoof the "SERVER_NAME" server variable in Microsoft® Internet Information Server® 5.0, 5.1 and 6.0 by sending a modified HTTP request. This can potentially reveal sensitive ASP code through the IIS 500-100.asp error page. The spoof also opens up a potential range of exploits in third-party web applications and web services.

Fix Recommendation

It seems that Microsoft does not wish to patch this issue. It is recommended to upgrade to the latest version of Microsoft IIS.