I have a vulnerability reporting on QID150022. This is normally an input string validation error (Form input or url I thought) - however the message I receive doesn't seem to indicate this.
The results I receive are of the form :
url: https://<ip address>/Toplevel/nextlevel/webHelp/defining_iphone.htm
matched: Service Unavailable
This is coming up as a CVSS score 7.5 and a severity level of High.
Could someone tell me what the variants value of 6 actually refers to and secondly - Is the matched entry listed here, simply what has been returned from the page when access has been attempted ? I'm unclear from this listing actually what strings have been sent to the page, nor what the actual vulnerability is in this case.
Many thanks for any help people can provide.