Executive Summary

Informations
Name CVE-2002-0422 First vendor Publication 2002-08-12
Vendor Cve Last vendor Modification 2020-11-23

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:H/Au:N/C:P/I:N/A:N)
Cvss Base Score 2.6 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity High
Cvss Expoit Score 4.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0422

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-200 Information Exposure

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1

OpenVAS Exploits

Date Description
2005-11-03 Name : Private IP address Leaked using the PROPFIND method
File : nvt/propfind_internal_ip.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
13433 Microsoft IIS WebDAV MKCOL Method Location Server Header Internal IP Disclosure
13432 Microsoft IIS WebDAV WRITE Location Server Header Internal IP Disclosure
13431 Microsoft IIS WebDAV Malformed PROPFIND Request Internal IP Disclosure

Microsoft IIS with WebDAV contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker supplies a malformed PROPFIND request containing an empty Host: header, which will disclose the server's internal IP address.

Nessus® Vulnerability Scanner

Date Description
2004-03-18 Name : This web server leaks a private IP address through its WebDAV interface.
File : propfind_internal_ip.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

Source Url
BUGTRAQ http://marc.info/?l=bugtraq&m=101536634207324&w=2
NTBUGTRAQ http://marc.info/?l=ntbugtraq&m=101535147125320&w=2
OSVDB http://www.osvdb.org/13431
XF http://www.iss.net/security_center/static/8385.php

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
Date Informations
2021-05-04 12:01:40
  • Multiple Updates
2021-04-22 01:01:48
  • Multiple Updates
2020-11-24 00:22:45
  • Multiple Updates
2020-05-23 00:14:57
  • Multiple Updates
2018-10-31 00:19:41
  • Multiple Updates
2016-10-18 12:01:01
  • Multiple Updates
2016-06-28 14:58:41
  • Multiple Updates
2014-02-17 10:24:40
  • Multiple Updates
2013-05-11 12:09:20
  • Multiple Updates