header-logo
Suggest Exploit
vendor:
IIS
by:
SecurityFocus
7.5
CVSS
HIGH
Microsoft IIS Internal IP Disclosure
200
CWE
Product Name: IIS
Affected Version From: Microsoft IIS 4.0
Affected Version To: Microsoft IIS 5.0
Patch Exists: YES
Related CWE: CVE-2001-0333
CPE: a:microsoft:iis
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2001

Microsoft IIS Internal IP Disclosure

A vulnerability exists in Microsoft IIS that may disclose the internal IP address or internal network name to remote attackers. This vulnerability can be exploited if an attacker connects to a host using HTTPS (typically on port 443) and crafts a specially formed GET request. Microsoft IIS will return a 302 Object Moved error message containing the internal IP address or internal network name of the server.

Mitigation:

Microsoft has released a patch to address this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/3159/info

A vulnerability has been discovered in Microsoft IIS that may disclose the internal IP address or internal network name to remote attackers. This vulnerability can be exploited if an attacker connects to a host using HTTPS (typically on port 443) and crafts a specially formed GET request. Microsoft IIS will return a 302 Object Moved error message containing the internal IP address or internal network name of the server.

It has been reported that a target host using HTTP is also vulnerable to this issue. 

GET /directory HTTP/1.0

Navigation

Suggest Exploit

Services By CQR