ServerMask 2.2 and earlier reveals IIS server identity in HTTP responses

CVE-2003-0105

ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server.

Learn more about our Cis Benchmark Audit For Microsoft Iis.