Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Microsoft IIS 4.0/5.0/6.0 - Internal IP Address/Internal Network Name Disclosure

🗓️ 08 Aug 2001 00:00:00Reported by Marek RoyType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 31 Views

Vulnerability in Microsoft IIS may expose internal IP address or network name to remote attackers.

Code
source: https://www.securityfocus.com/bid/3159/info

A vulnerability has been discovered in Microsoft IIS that may disclose the internal IP address or internal network name to remote attackers. This vulnerability can be exploited if an attacker connects to a host using HTTPS (typically on port 443) and crafts a specially formed GET request. Microsoft IIS will return a 302 Object Moved error message containing the internal IP address or internal network name of the server.

It has been reported that a target host using HTTP is also vulnerable to this issue. 

GET /directory HTTP/1.0

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
08 Aug 2001 00:00Current
7.4High risk
Vulners AI Score7.4
microsoft iis vulnerabilityinternal ip addressnetwork name disclosureremote attacker exposurehttps exploit
31