Описание
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
Ссылки
- ExploitPatchVendor Advisory
- ExploitPatchVendor Advisory
- ExploitPatchVendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:microsoft:internet_information_server:3.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_server:4.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:2.0:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*
EPSS
Процентиль: 98%
0.62987
Средний
2.6 Low
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
почти 4 года назад
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
EPSS
Процентиль: 98%
0.62987
Средний
2.6 Low
CVSS2
Дефекты
CWE-200