Vulnerability Description
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Microsoft | Internet Information Server | 3.0 |
| Microsoft | Internet Information Services | 2.0 |
Related Weaknesses (CWE)
References
- http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0025.htmlExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/1499ExploitPatchVendor Advisory
- http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0025.htmlExploitPatchVendor Advisory
- http://www.securityfocus.com/bid/1499ExploitPatchVendor Advisory
FAQ
What is CVE-2000-0649?
CVE-2000-0649 is a vulnerability with a CVSS score of 2.6 (LOW). IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
How severe is CVE-2000-0649?
CVE-2000-0649 has been rated LOW with a CVSS base score of 2.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2000-0649?
Check the references section above for vendor advisories and patch information. Affected products include: Microsoft Internet Information Server, Microsoft Internet Information Services.