漏洞名稱:可通過HTTP獲取遠端WWW服務信息
-
Description
REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: None. Reason: this candidate is solely about a configuration that does not directly introduce security vulnerabilities, so it is more appropriate to cover under the Common Configuration Enumeration (CCE). Notes: the former description is: "The HTTP/WWW service is running." -
解決辦法:
- NSFOCUS建議您採取以下措施以降低威脅:
- 改變您的HTTP服務器的缺省banner。
- 講人話就是:你的服務地址暴露了一些服務相關的信息,比如:“你的服務正在運行中”,屏蔽掉相關敏感信息就行。
漏洞官方描述:http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0633