Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0419

CWE-200 — Information Exposure4 documents4 sources

Severity

5.0MEDIUM

EPSS

31.3%

top 3.23%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Microsoft Internet Information Server Microsoft Internet Information Services

Timeline

PublishedAug 12

Latest updateApr 30

Description

Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization r…

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDmicrosoft/internet_information_server4.0

▶NVDmicrosoft/internet_information_services5.0

🔴Vulnerability Details

GHSA

GHSA-3xw9-3h5v-3873: Information leaks in IIS 4 through 5↗2022-04-30

▶

CVEList

CVE-2002-0419: Information leaks in IIS 4 through 5↗2002-06-11

▶

💥Exploits & PoCs

Exploit-DB

Microsoft IIS 4.0/5.0/5.1 - Authentication Method Disclosure↗2002-03-05

▶