AnsweredAssumed Answered

QID150022

Question asked by Rob Adams on Apr 4, 2013
Latest reply on Feb 3, 2015 by Ichikawa Shigehisa

Hi

 

I have a vulnerability reporting on QID150022. This is normally an input string validation error (Form input or url I thought) - however the message I receive doesn't seem to indicate this.

 

The results I receive are of the form :

 

url: https://<ip address>/Toplevel/nextlevel/webHelp/defining_iphone.htm

variants 6

matched: Service Unavailable

 

This is coming up as a CVSS score 7.5 and a severity level of High.

 

Could someone tell me what the variants value of 6 actually refers to and secondly - Is the matched entry listed here, simply what has been returned from the page when access has been attempted ? I'm unclear from this listing actually what strings have been sent to the page, nor what the actual vulnerability is in this case.

 

Many thanks for any help people can provide.

 

Best Rgds

R

Outcomes