← CVECheck
HomeVulnerabilities

CVE-2003-1306 — LOW severity vulnerability (Microsoft URLScan 2.5, with the RemoveServerHeader option en)

Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.

CVE IDCVE-2003-1306
SeverityLOW
CVSS score2.6
CVSS vectorAV:N/AC:H/Au:N/C:P/I:N/A:N
CWENVD-CWE-Other
StatusModified
Published2003-12-31
Last modified2026-04-16
DescriptionMicrosoft URLScan 2.5, with the RemoveServerHeader option enabled, allows remote attackers to obtain sensitive information (server name and version) via an HTTP request that generates certain errors such as 400 "Bad Request," which leak the Server header in the response.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →