A weakness has been reported for URLScan that may result in the disclosure of sensitive information. The weakness exists because of the way URLScan handles HTTP HEAD requests. Specifically, when URLScan receives a HEAD request that is subsequently rejected, the request is automatically converted to a GET request and sent to the underlying IIS server. The information returned may allow an attacker to identify systems that use URLScan.