Private IP Address Leaked Using The PROPFIND Method Network Vulnerability

Summary

The remote web server leaks a private IP address through the WebDAV interface. If this web server is behind a Network Address Translation (NAT) firewall or proxy server, then the internal IP addressing scheme has been leaked. This is typical of IIS 5.0 installations that are not configured properly. Detail: http://www.nextgenss.com/papers/iisrconfig.pdf

Solution

see http://support.microsoft.com/default.aspx?scid=KB%3BEN-US%3BQ218180&ID=KB%3BEN-US%3BQ218180

Severity

Classification

CVE CVE-2002-0422
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:P/I:N/A:N

Related Vulnerabilities

BulletProof FTP Version Detection
Fortinet Fortigate console management detection
Evolution Mail Client Information Disclosure Vulnerability
Amarok Player Version Detection (Linux)
GraphicsMagick Version Detection (Linux)

Private IP address Leaked using the PROPFIND method

Take action and discover your vulnerabilities