CVE-2000-0649 — LOW severity vulnerability (IIS 4.0 allows remote attackers to obtain the internal IP ad)
IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined.
| CVE ID | CVE-2000-0649 |
|---|---|
| Severity | LOW |
| CVSS score | 2.6 |
| CVSS vector | AV:N/AC:H/Au:N/C:P/I:N/A:N |
| CWE | CWE-200 |
| Status | Modified |
| Published | 2000-07-13 |
| Last modified | 2026-04-16 |
| Description | IIS 4.0 allows remote attackers to obtain the internal IP address of the server via an HTTP 1.0 request for a web page which is protected by basic authentication and has no realm defined. |
| Source | NIST National Vulnerability Database |
🔍 Search all vulnerabilities →
$999/mo
Try CVECheck →