Description

IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.

Remediation

References

CVE-2000-0649

Related Vulnerabilities

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-5131)

WordPress Plugin Adavnced Video embed Local File Inclusion (1.0)

Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2022-42130)

WordPress Plugin Advanced Classifieds & Directory Pro Unspecified Vulnerability (1.6.5)

WordPress Plugin WP RSS Aggregator-News Feeds, Autoblogging, Youtube Video Feeds and More Cross-Site Scripting (4.19.3)

Severity

Low

Classification

CVE-2000-0649 CWE-200

Tags

Missing Update Known Vulnerabilities