CVE-2000-0649

IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
References
Link Resource
http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0025.html Exploit Patch Vendor Advisory
http://www.securityfocus.com/bid/1499 Exploit Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:2.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2000-07-13 04:00

Updated : 2024-02-28 10:24


NVD link : CVE-2000-0649

Mitre link : CVE-2000-0649

CVE.ORG link : CVE-2000-0649


JSON object : View

Products Affected

microsoft

  • internet_information_server
  • internet_information_services
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor