PT-2000-1583 · Microsoft · Iis
Published
2000-07-13
·
Updated
2020-11-23
·
CVE-2000-0649
CVSS v2.0
2.6
Low
| Vector | AV:N/AC:H/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
IIS version 4.0
Description
The issue allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
Recommendations
For IIS version 4.0, define a realm for web pages protected by basic authentication to prevent disclosure of the internal IP address.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Iis