Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0422


Vulnerability Score 2.6 2.6
CVE Id CVE-2002-0422
Last Modified 05 Sep 2008 04:27:59
Published 12 Aug 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE



IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.

Vulnerable Systems


  • Microsoft Internet Information Server 5.0

  • Microsoft Internet Information Server 5.1


NTBUGTRAQ - 20020305 IIS Internal IP Address Disclosure (#NISR05032002B)

OSVDB - 13431

XF - iis-request-ip-disclosure(8385)

Last Updated: 27 May 2016 10:36:54