Description
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
Remediation
References
Related Vulnerabilities
WordPress Plugin Quick Event Manager Multiple Vulnerabilities (9.7.4)
WordPress 4.5.x Multiple Vulnerabilities (4.5 - 4.5.21)
WebLogic CVE-2018-3248 Vulnerability (CVE-2018-3248)
WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.28)
Jboss EAP Improper Neutralization of CRLF Sequences ('CRLF Injection') Vulnerability (CVE-2016-4993)