Web Server PROPFIND Method Internal IP Disclosure

Nessus Plugin ID 12113 (severity: low)

Synopsis

This web server leaks a private IP address through its WebDAV interface.

Description

The remote installation of IIS leaks a private IP address through the WebDAV interface. This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) firewall or proxy server.

This is typical of IIS installations that are not configured properly.

Solution

Consult Microsoft's KB article for steps to resolve the issue.

See Also

http://www.nessus.org/u?cc0a1812

https://seclists.org/bugtraq/2002/Mar/101

http://www.nessus.org/u?8c9fccc4

Plugin Details

Severity: Low

ID: 12113

File Name: propfind_internal_ip.nasl

Version: 1.30

Type: remote

Family: Web Servers

Published: 3/18/2004

Updated: 5/28/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Low

Score: 2.7

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2002-0422

Vulnerability Information

CPE: cpe:/a:microsoft:internet_information_services

Excluded KB Items: Settings/disable_cgi_scanning

Vulnerability Publication Date: 3/5/2002

Reference Information

CVE: CVE-2002-0422

CWE: 200