Solved

Vulnerability CVE-2000-0649 CVE-2002-0419 Windows 2008 r2 with IIS7.5 express

Posted on 2014-09-30
1
960 Views
Last Modified: 2014-10-01
I am getting this vulnerability and after some research, I found that this issue is just relating to IIS6 and lower. Is this true or is there a patch for IIS7.5?

CVE-2000-0649 CVE-2002-0419
Web Server Internal IP address or network name available
0
Comment
Question by:Larry Kiterling
1 Comment
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40353763
Here is the test
telnet target 80
Trying target...
Connected to target.
Escape character is '^]'.
HEAD /directory HTTP/1.0[CRLF]
[CRLF]
if you have the vulnerability you will receive the following

HTTP/1.1 401 Access Denied
WWW-Authenticate: Basic realm="<Internal IP Address>"
Content-Length: 644
Content-Type: text/html
0

Featured Post

Want to promote your upcoming event?

Are you going to an event? Are you going to be exhibiting at a tradeshow? Talking at a conference? Using a promotional banner in your email signature ensures that your organization’s most important contacts stay in the know and can potentially spread the word about the event.

Join & Write a Comment

Introduction This article is the second of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers the basic installation and configuration of the test automation tools used by…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now