← CVECheck
HomeVulnerabilities

CVE-2000-0649 — LOW severity vulnerability (IIS 4.0 allows remote attackers to obtain the internal IP ad)

IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.

CVE IDCVE-2000-0649
SeverityLOW
CVSS score2.6
CVSS vectorAV:N/AC:H/Au:N/C:P/I:N/A:N
CWECWE-200
StatusModified
Published2000-07-13
Last modified2026-04-16
DescriptionIIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →