Description
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
Affected products
- Microsoft / internet_information_server3.0 β 3.0
- Microsoft / internet_information_server4.0 β 4.0
- Microsoft / internet_information_services2.0 β 2.0
- Microsoft / internet_information_services5.0 β 5.0