What is CVE-2000-0649?

CVE-2000-0649 is a vulnerability in N/a. Published 2000-08-03.

Is CVE-2000-0649 known to be exploited?

14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2000-0649

IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.

EPSS: 0.630 (98.4th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rafaelh/CVE-2000-0649
Downgraderz/PoC-CVE-2000-0649
stevenvegar/cve-2000-0649
rapid7/metasploit-framework
CVEDB/awesome-cve-repo
JimboJimbabwe/HackGPTV2
amtzespinosa/lord-of-the-root-walkthrough
0xNVAN/win-iisadmin
kaif9711/Comprehensive-Penetration-Testing-on-Publisher-Linux-System-
n-ventory/win-iisadmin

References

20000713 IIS4 Basic authentication realm issue (mailing-list, x_refsource_NTBUGTRAQ)
1499 (vdb-entry, x_refsource_BID)

Frequently asked questions

What is CVE-2000-0649?: CVE-2000-0649 is a vulnerability in N/a. Published 2000-08-03.
Is CVE-2000-0649 known to be exploited?: 14 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.