Description

IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.

Remediation

References

CVE-2002-0422

Related Vulnerabilities

WordPress Plugin User Registration-Custom Registration Form, Login Form And User Profile Security Bypass (2.3.2.1)

WordPress Plugin InstaWP Connect-1-click WP Staging & Migration Security Bypass (0.1.0.44)

WordPress Plugin WP Cost Estimation & Payment Forms Builder Directory Traversal (9.659)

MySQL Other Vulnerability (CVE-2006-3081)

Magento Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2019-7872)

Severity

Low

Classification

CVE-2002-0422 CWE-200

Tags

Missing Update Known Vulnerabilities