Secure HyperText Transfer Protocol (S-HTTP) Detection

medium Nessus Plugin ID 11720

Language:

Synopsis

The remote web server encrypts traffic using an obsolete protocol.

Description

The remote web server accepts connections encrypted using Secure HyperText Transfer Protocol (S-HTTP), a cryptographic layer that was defined in 1999 by RFC 2660 and never widely implemented.

Solution

Rare or obsolete code is often poorly tested. Thus, it would be safer to disable support for S-HTTP and use HTTPS instead.

See Also

https://tools.ietf.org/html/rfc2660

Plugin Details

Severity: Medium

ID: 11720

File Name: shttp_detect.nasl

Version: 1.20

Type: remote

Published: 6/11/2003

Updated: 6/12/2020

Asset Inventory: true

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N