Sign-up

ID

VAR-200208-0015


CVE

CVE-2002-0422


TITLE

IIS Far East Edition CVE-2002-0422 Remote Security Vulnerability

Trust: 0.6

sources: BID: 89691 // BID: 89633

DESCRIPTION

IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header. IIS Far East Edition is prone to a remote security vulnerability

Trust: 1.53

sources: NVD: CVE-2002-0422 // BID: 89691 // BID: 89633 // VULMON: CVE-2002-0422

AFFECTED PRODUCTS

vendor:microsoftmodel:internet information servicesscope:eqversion:5.0

Trust: 1.6

vendor:microsoftmodel:iisscope:eqversion:5.1

Trust: 0.6

vendor:microsoftmodel:internet information serverscope:eqversion:5.0

Trust: 0.6

vendor:microsoftmodel:internet information serverscope:eqversion:5.1

Trust: 0.6

sources: BID: 89691 // BID: 89633 // CNNVD: CNNVD-200208-158 // NVD: CVE-2002-0422

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0422
value: LOW

Trust: 1.0

CNNVD: CNNVD-200208-158
value: LOW

Trust: 0.6

VULMON: CVE-2002-0422
value: LOW

Trust: 0.1

nvd@nist.gov: CVE-2002-0422
severity: LOW
baseScore: 2.6
vectorString: AV:N/AC:H/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 4.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

sources: VULMON: CVE-2002-0422 // CNNVD: CNNVD-200208-158 // NVD: CVE-2002-0422

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.0

sources: NVD: CVE-2002-0422

THREAT TYPE

network

Trust: 0.6

sources: BID: 89691 // BID: 89633

TYPE

Failure to Handle Exceptional Conditions

Trust: 0.6

sources: BID: 89691 // BID: 89633

PATCH

title: - url:https://github.com/k0pak4/k0pak4

Trust: 0.1

sources: VULMON: CVE-2002-0422

EXTERNAL IDS

db:NVDid:CVE-2002-0422

Trust: 2.3

db:OSVDBid:13431

Trust: 1.7

db:CNNVDid:CNNVD-200208-158

Trust: 0.6

db:BIDid:89691

Trust: 0.4

db:BIDid:89633

Trust: 0.3

db:VULMONid:CVE-2002-0422

Trust: 0.1

sources: VULMON: CVE-2002-0422 // BID: 89691 // BID: 89633 // CNNVD: CNNVD-200208-158 // NVD: CVE-2002-0422

REFERENCES

url:http://www.iss.net/security_center/static/8385.php

Trust: 2.3

url:http://www.osvdb.org/13431

Trust: 1.7

url:http://marc.info/?l=ntbugtraq&m=101535147125320&w=2

Trust: 1.7

url:http://marc.info/?l=bugtraq&m=101536634207324&w=2

Trust: 1.7

url:http://marc.theaimsgroup.com/?l=bugtraq&m=101536634207324&w=2

Trust: 0.6

url:http://marc.theaimsgroup.com/?l=ntbugtraq&m=101535147125320&w=2

Trust: 0.6

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://www.securityfocus.com/bid/89691

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://www.rapid7.com/db/modules/auxiliary/scanner/http/webdav_internal_ip

Trust: 0.1

url:https://github.com/k0pak4/k0pak4

Trust: 0.1

sources: VULMON: CVE-2002-0422 // BID: 89691 // BID: 89633 // CNNVD: CNNVD-200208-158 // NVD: CVE-2002-0422

CREDITS

Unknown

Trust: 0.6

sources: BID: 89691 // BID: 89633

SOURCES

db:VULMONid:CVE-2002-0422
db:BIDid:89691
db:BIDid:89633
db:CNNVDid:CNNVD-200208-158
db:NVDid:CVE-2002-0422

LAST UPDATE DATE

2024-08-14T15:25:50.284000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2002-0422date:2020-11-23T00:00:00
db:BIDid:89691date:2002-08-12T00:00:00
db:BIDid:89633date:2002-08-12T00:00:00
db:CNNVDid:CNNVD-200208-158date:2021-08-16T00:00:00
db:NVDid:CVE-2002-0422date:2020-11-23T19:49:27.407

SOURCES RELEASE DATE

db:VULMONid:CVE-2002-0422date:2002-08-12T00:00:00
db:BIDid:89691date:2002-08-12T00:00:00
db:BIDid:89633date:2002-08-12T00:00:00
db:CNNVDid:CNNVD-200208-158date:2002-08-12T00:00:00
db:NVDid:CVE-2002-0422date:2002-08-12T04:00:00