Intelligence Center » Browse All Vulnerabilities » CVE-2000-0649
Overview |
|
Vulnerability Score | ![]() |
CVE Id | CVE-2000-0649 |
Last Modified | 10 Sep 2008 03:05:32 |
Published | 13 Jul 2000 12:00:00 |
Confidentiality Impact | ![]() |
Integrity Impact | ![]() |
Availability Impact | ![]() |
Access Vector | NETWORK |
Access Complexity | HIGH |
Authentication | NONE |

CVE-2000-0649
Summary
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
Vulnerable Systems
Application
Microsoft Internet Information Server 2.0
Microsoft Internet Information Server 3.0
Microsoft Internet Information Server 4.0
Microsoft Internet Information Server 5.0
References
BID - 1499
NTBUGTRAQ - 20000713 IIS4 Basic authentication realm issue
Last Updated: 27 May 2016 10:35:48