Back to search
CVE-2002-0422
Published: Jun 11, 2002
Modified: Aug 8, 2024
PUBLISHED
Description
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
iis-request-ip-disclosure(8385)
vdb-entry
x_refsource_XF
20020305 IIS Internal IP Address Disclosure (#NISR05032002B)
mailing-list
x_refsource_NTBUGTRAQ
20020305 IIS Internal IP Address Disclosure (#NISR05032002B)
mailing-list
x_refsource_BUGTRAQ
13431
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now