National Cyber-Alert System
Vulnerability Summary: ARC-024
Orirignal release date: 2006-09-01
Source: Advanced Research Corporation ®

Overview

    The web server does not conform to HTTP 1.1 specifications. Specifically, it acknolwedges that any file exists on the web server by sending a '200 OK' for any URL request. As a result, many SARA probes have been disabled.

Impact

    CVSS Severity: 6.0 (Medium)
    Range: remote
    Authentication:
    Impact Type:

Reference to Advisories, Solutions, and Tools

Vulnerable Software and Vendor

    HTTP

Technical Details