Information Leak Vulnerability in IIS by Microsoft
CVE-2002-0419

Currently unrated

Key Information:

Vendor: Microsoft
CVE Published: 12 August 2002

Summary

The vulnerability in Microsoft Internet Information Services (IIS) 4 through 5.1 arises from improper handling of authentication responses, which can unintentionally expose sensitive information. In certain configurations, if the server's IP address is used as the realm for Basic authentication, the response may disclose real IP addresses that are normally hidden by NAT. Additionally, when NTLM authentication is used, the server may reveal its NetBIOS name and Windows NT domain in response to an Authorization request. These information leaks could significantly aid potential attackers in conducting brute force attacks or gathering sensitive details about the server's environment.
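A check for both leaks over WWW-Authenticate header values recorded from your own server, as an added example that is not part of the original advisory or any Microsoft code. The function names, finding labels and sample values (including the constructed NTLM Type 2 challenge) are assumptions made for illustration.

```python
import base64
import ipaddress
import re
import struct

def realm_private_ip(value):
    """Return the private IP address used as a Basic realm, or None."""
    m = re.match(r'\s*Basic\s+realm="([^"]*)"', value, re.I)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1).strip())
    except ValueError:
        return None  # realm is a name, not an address
    return str(ip) if ip.is_private else None

def ntlm_target_name(value):
    """Return the target name carried in an NTLM Type 2 challenge, or None."""
    m = re.match(r'\s*NTLM\s+([A-Za-z0-9+/=]+)\s*$', value)
    if not m:
        return None
    try:
        blob = base64.b64decode(m.group(1))
    except ValueError:
        return None
    if len(blob) < 24 or blob[:8] != b"NTLMSSP\x00":
        return None
    # Layout after the signature: type, name length, max length, name offset, flags.
    msg_type, n_len, _max, n_off, flags = struct.unpack_from("<IHHII", blob, 8)
    if msg_type != 2 or n_off + n_len > len(blob):
        return None
    raw = blob[n_off:n_off + n_len]
    return raw.decode("utf-16-le" if flags & 0x1 else "ascii", "replace")

def sample_type2(name):
    # Constructed Type 2 message: 24-byte header, 16 zero bytes, then the name.
    raw = name.encode("utf-16-le")
    head = b"NTLMSSP\x00" + struct.pack("<IHHII", 2, len(raw), len(raw), 40, 0x1)
    return "NTLM " + base64.b64encode(head + b"\x00" * 16 + raw).decode()

def audit(headers):
    """Return (finding, leaked value) pairs for a list of header values."""
    checks = (("basic-realm-internal-ip", realm_private_ip),
              ("ntlm-target-name", ntlm_target_name))
    return [(label, hit) for v in headers for label, fn in checks if (hit := fn(v))]

# Constructed sample header values, not captured from a real server.
SAMPLE = ['Basic realm="10.0.0.5"', 'Basic realm="intranet"', sample_type2("EXAMPLEDOM")]
```

A finding from `audit` means the header exposes an internal address or host/domain name to any unauthenticated client that triggers a 401 response.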

EPSS Score

23% chance of being exploited in the next 30 days.
