Information Leak Vulnerability in IIS by Microsoft
CVE-2002-0419

Currently unrated

Key Information:

Vendor

Microsoft
Status
Internet Information Services
Internet Information Server
Vendor
CVE Published:
12 August 2002

What is CVE-2002-0419?

The vulnerability in Microsoft Internet Information Services (IIS) 4 through 5.1 arises from improper handling of authentication responses, which can unintentionally expose sensitive information. In certain configurations, if a server's IP address is used as the realm for Basic authentication, it may disclose concealed real IP addresses that are typically hidden by NAT. Additionally, the use of NTLM authentication may reveal the server's NetBIOS name and Windows NT domain in response to an Authorization request. These information leaks could significantly aid potential attackers in conducting brute force attacks or gathering sensitive details about the server's environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/bid/4235
vdb-entryx_refsource_BID
http://www.iss.net/security_center/static/8382.php
vdb-entryx_refsource_XF
http://marc.info/?l=bugtraq&m=101535399100534&w=2
mailing-listx_refsource_BUGTRAQ

EPSS Score

31% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.