Apache Server ETag Header Information Disclosure

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by an information disclosure
vulnerability.

Description :

The remote web server is affected by an information disclosure
vulnerability due to the ETag header providing sensitive information
that could aid an attacker, such as the inode number of requested
files.

See also :

http://httpd.apache.org/docs/2.2/mod/core.html#FileETag

Solution :

Configure the web server so that file inodes are not included in the
ETag header calculation. Refer to the linked Apache documentation for
more information.
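
The change described in the Solution, shown as an added configuration example that is not part of the original plugin text. It uses the FileETag directive from the linked Apache documentation; the directory path is a constructed placeholder.

```apache
# Weak setting: the inode number is one of the inputs to the ETag.
# This is the documented default in Apache 2.2, so it applies even
# when no FileETag line is present in the configuration.
#
#   FileETag INode MTime Size

# Corrected setting (server config or virtual host scope):
# build the ETag from last-modified time and file size only.
FileETag MTime Size

# The directive can also be set per directory. The "-" prefix removes
# one input from the value inherited from the broader scope, so this
# drops the inode without restating the other keywords.
# (Path below is a constructed placeholder.)
<Directory "/var/www/html">
    FileETag -INode
</Directory>

# Alternative when ETags are not needed for caching at all:
# no ETag header is sent for static files.
#
#   FileETag None
```

FileETag is also accepted in .htaccess files when FileInfo overrides are allowed, so check those for a setting that re-enables INode. Reload the server and re-run the scan to confirm the finding clears.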

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 4.8
(CVSS2#E:F/RL:ND/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 88098

Bugtraq ID: 6939

CVE ID: CVE-2003-1418
