CVE-2000-0649 – Microsoft IIS 2.0/3.0/4.0/5.0/5.1 - Internal IP Address Disclosure
https://notcve.org/view.php?id=CVE-2000-0649
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. Collect any leaked internal IPs by requesting commonly redirected locations from IIS. CVE-2000-0649 references IIS 5.1 (win2k, XP) and older. However, in newer servers such as IIS 7+, this occurs when the alternateHostName is not set or misconfigured. Also collects internal IPs leaked from the PROPFIND method in certain IIS versions.
• https://www.exploit-db.com/exploits/20096
• https://github.com/rafaelh/CVE-2000-0649
• https://github.com/Downgraderz/PoC-CVE-2000-0649
• http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0025.html
• http://www.securityfocus.com/bid/1499
• https://support.microsoft.com/en-us/help/218180/internet-information-server-returns-ip-address-in-http-header-content
• https://support.microsoft.com/en-us/topic/fix-the-internal-ip-address-of-an-iis-7-0-server-is-revealed-if-an-http-request-that-does&
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2000-0408 – Microsoft IIS 4.0/5.0 - Malformed File Extension Denial of Service
https://notcve.org/view.php?id=CVE-2000-0408
IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability.
• https://www.exploit-db.com/exploits/19907
• http://www.microsoft.com/technet/support/kb.asp?ID=260205
• http://www.securityfocus.com/bid/1190
• http://www.ussrback.com/labs40.html
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-030
CVE-2000-0457 – Microsoft IIS 4.0/5.0 - Malformed Filename Request
https://notcve.org/view.php?id=CVE-2000-0457
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file with a large number of encoded spaces (%20) appended and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.
• https://www.exploit-db.com/exploits/19908
• http://marc.info/?l=bugtraq&m=95810120719608&w=2
• http://www.securityfocus.com/bid/1193
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031
• https://exchange.xforce.ibmcloud.com/vulnerabilities/4448
CVE-2000-0304
https://notcve.org/view.php?id=CVE-2000-0304
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.
• http://www.securityfocus.com/bid/1191
• http://xforce.iss.net/alerts/advise52.php3
• https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031
CVE-2000-0413 – FrontPage 2000 / IIS 4.0/5.0 - Server Extensions Full Path Disclosure
https://notcve.org/view.php?id=CVE-2000-0413
The shtml.exe program in the FrontPage extensions package of IIS 4.0 and 5.0 allows remote attackers to determine the physical path of HTML, HTM, ASP, and SHTML files by requesting a file that does not exist, which generates an error message that reveals the path.
• https://www.exploit-db.com/exploits/19897
• http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html
• http://www.securityfocus.com/bid/1174