• CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
Assigning CNA
MITRE Corporation
Date Record Created
20000802 Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Proposed (20000803)
Votes (Legacy)
ACCEPT(2) LeBlanc, Levy
MODIFY(1) Frech
NOOP(1) Cole
REVIEWING(2) Christey, Wall
Comments (Legacy)
 Christey> ADDREF
   Change description to point out that the internal IP address
   exposure is due to the default configuration as opposed to
   a bug.
 Frech> XF:iis-internal-ip-disclosure(5106)
 CHANGE> [Christey changed vote from NOOP to REVIEWING]
 Christey> There are two variants of the same type of issue here.  The
   KB article shows that IIS 4.0 reveals the IP address in a
   Content-Location MIME header field.  The NTBugtraq article
   says that the IP address is shown in the WWW-Authenticate
   MIME header.  Which one has been fixed, or both, and when?
 Christey> MSKB:Q218180 identifies a problem in which IIS returns the
   info in a Content-Location header, but the authentication
   realm problem is not specifically mentioned.  Are these the
   same problem?

Proposed (Legacy)
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.