| Vulnerability Name: | CVE-2002-0422 (CCN-8385) | ||||||||
| Assigned: | 2002-03-04 | ||||||||
| Published: | 2002-03-04 | ||||||||
| Updated: | 2020-11-23 | ||||||||
| Summary: | IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N)
| ||||||||
| Vulnerability Type: | CWE-200 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: MITRE Type: CNA CVE-2002-0422 Source: BUGTRAQ Type: UNKNOWN 20020305 IIS Internal IP Address Disclosure (#NISR05032002B) Source: NTBUGTRAQ Type: UNKNOWN 20020305 IIS Internal IP Address Disclosure (#NISR05032002B) Source: XF Type: UNKNOWN iis-request-ip-disclosure(8385) Source: CCN Type: NGSSoftware Insight Security Research Advisory #NISR05032002B Internal IP Addresses and IIS Source: OSVDB Type: UNKNOWN 13431 Source: CCN Type: OSVDB ID: 13431 Microsoft IIS WebDAV Malformed PROPFIND Request Internal IP Disclosure Source: CCN Type: OSVDB ID: 13432 Microsoft IIS WebDAV WRITE Location Server Header Internal IP Disclosure Source: CCN Type: OSVDB ID: 13433 Microsoft IIS WebDAV MKCOL Method Location Server Header Internal IP Disclosure Source: XF Type: UNKNOWN iis-request-ip-disclosure(8385) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||