Lucene search

[email protected]NVD:CVE-2002-0422

HistoryAug 12, 2002 - 4:00 a.m.

CVE-2002-0422

2002-08-1204:00:00

CWE-200

[email protected]

web.nvd.nist.gov

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.01

Percentile

83.5%

JSON

IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.

Affected configurations

Nvd

Node

microsoftinternet_information_servicesMatch5.0

VendorProductVersionCPE
microsoftinternet_information_services5.0cpe:2.3:a:microsoft:internet_information_services:5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	internet_information_services	5.0	cpe:2.3:a:microsoft:internet_information_services:5.0:::::::*

References

marc.info/?l=bugtraq&m=101536634207324&w=2

marc.info/?l=ntbugtraq&m=101535147125320&w=2

www.iss.net/security_center/static/8385.php

www.osvdb.org/13431

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:N/A:N

AI Score

6.6

Confidence

Low

EPSS

0.01

Percentile

83.5%

JSON

Related for NVD:CVE-2002-0422

metasploit2 nessus1 cve1 openvas1 cvelist1 packetstorm1 rapid7blog1