Secure HyperText Transfer Protocol (S-HTTP) Detection

This script is Copyright (C) 2003-2012 Tenable Network Security, Inc.


Synopsis :

The remote web server encrypts traffic using an obsolete protocol.

Description :

The remote web server accepts connections encrypted using Secure
HyperText Transfer Protocol (S-HTTP), a cryptographic layer that was
defined in 1999 by RFC 2660 and never widely implemented.

See also :

http://tools.ietf.org/html/rfc2660

Solution :

Rare or obsolete code is often poorly tested. Thus, it would be
safer to disable support for S-HTTP and use HTTPS instead.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Family: Service detection

Nessus Plugin ID: 11720 ()

Bugtraq ID:

CVE ID: