Published: 2002-08-12 00:00:00
Last revised: 2016-10-17 22:20:16

[Original text] IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.


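IIS 5 and 5.1 with WebDAV methods enabled disclose the system's internal IP address. A remote attacker can obtain it via (1) a PROPFIND HTTP request with an empty Host header, which leaks the address in the 207 Multi-Status response, or (2) the WRITE or MKCOL method, which leaks the IP in the Location server header.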

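- CVSS (Base Score)

CVSS score: 2.6 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Access complexity: HIGH [exploitation requires specific access conditions]
Access vector: NETWORK [the attacker needs neither internal-network nor local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (Weakness Category)

CWE-200 [Information Exposure]

- CPE (Affected Platforms and Products)

cpe:/a:microsoft:internet_information_server:5.1  Microsoft IIS 5.1

- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD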

- Other Links and Resources
(UNKNOWN)  BUGTRAQ  20020305 IIS Internal IP Address Disclosure (#NISR05032002B)
(UNKNOWN)  NTBUGTRAQ  20020305 IIS Internal IP Address Disclosure (#NISR05032002B)
(UNKNOWN)  XF  iis-request-ip-disclosure(8385)

- Vulnerability Information

Low risk  Unknown
2002-08-12 00:00:00 2005-10-20 00:00:00

- Advisories and Patches


- Vulnerability Information

Microsoft IIS WebDAV Malformed PROPFIND Request Internal IP Disclosure
Remote / Network Access Input Manipulation
Loss of Confidentiality
Exploit Public

- Vulnerability Description

Microsoft IIS with WebDAV contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker supplies a malformed PROPFIND request containing an empty Host: header, which will disclose the server's internal IP address.

- Timeline

2002-03-05 Unknown
2002-03-05 Unknown

- Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Open a command prompt and change the current directory to c:\inetpub\adminscripts or to where the adminscripts can be found. Run the commands:

    adsutil set w3svc/UseHostName True
    net stop iisadmin /y
    net start w3svc

- Related References

- Vulnerability Author