Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:74900
HistoryJul 01, 2014 - 12:00 a.m.

MS IIS 4/5/6 Internal IP Address/Internal Network Name Disclosure Vulnerability

2014-07-0100:00:00
Root
www.seebug.org
8
JSON

No description provided by source.


                                                source: http://www.securityfocus.com/bid/3159/info

A vulnerability has been discovered in Microsoft IIS that may disclose the internal IP address or internal network name to remote attackers. This vulnerability can be exploited if an attacker connects to a host using HTTPS (typically on port 443) and crafts a specially formed GET request. Microsoft IIS will return a 302 Object Moved error message containing the internal IP address or internal network name of the server.

It has been reported that a target host using HTTP is also vulnerable to this issue. 

GET /directory HTTP/1.0
JSON