What is CVE-2002-0422?

CVE-2002-0422 is a vulnerability in N/a. Published 2002-06-11.

Is CVE-2002-0422 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2002-0422

IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF…

EPSS: 0.657 (98.5th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
rapid7/metasploit-framework
ARPSyndicate/cve-scores
ARPSyndicate/cvemon
k0pak4/k0pak4

References

iis-request-ip-disclosure(8385) (vdb-entry, x_refsource_XF)
20020305 IIS Internal IP Address Disclosure (#NISR05032002B) (mailing-list, x_refsource_NTBUGTRAQ)
20020305 IIS Internal IP Address Disclosure (#NISR05032002B) (mailing-list, x_refsource_BUGTRAQ)
13431 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2002-0422?: CVE-2002-0422 is a vulnerability in N/a. Published 2002-06-11.
Is CVE-2002-0422 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.