[W3af-svn-notify] [Task #146888] Private IP address Leaked using the PROPFIND method
Status: Beta
Brought to you by:
andresriancho
Menu
▾
▴
[W3af-svn-notify] [Task #146888] Private IP address Leaked using the PROPFIND method
|
From: SourceForge.net <no...@so...> - 2008-03-05 13:38:16
|
Task #146888 has been updated. Project: w3af Subproject: Plugin TODO v1.10 Summary: Private IP address Leaked using the PROPFIND method Complete: 0% Status: Open Authority : andresriancho Assigned to: nobody Description: Private IP address Leaked using the PROPFIND method The remote web server leaks a private IP address through the WebDAV interface. If this web server is behind a Network Address Translation (NAT) firewall or proxy server, then the internal IP addressing scheme has been leaked. That address is: 10.200.1.14 This is typical of IIS 5.0 installations that are not configured properly. See also : http://www.nextgenss.com/papers/iisrconfig.pdf Solution : http://support.microsoft.com/default.aspx?scid=KB12113BEN-US12113BQ218180&ID=KB12113BEN-US12113BQ218180 Risk factor : Low CVE : CVE-2002-0422 ------------------------------------------------------- For more info, visit: http://sourceforge.net/pm/task.php?func=detailtask&project_task_id=146888&group_id=170274&group_project_id=55629 |
