Short Name |
HTTP:IIS:4-INTERNAL-IP-DISC |
---|---|
Severity |
Warning |
Recommended |
No |
Category |
HTTP |
Keywords |
IIS 4.0 Internal IP Disclosure |
Release Date |
2014/05/08 |
Update Number |
2372 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit a known flaw in Microsoft Internet Information Server 4.0. A successful attack would reveal the internal IP address of an IIS host behind a firewall/NAT. This signature will not trigger on non-vulnerable servers.
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.