Rapid7 Vulnerability & Exploit Database

Microsoft IIS 4.0 Domain Resolution Vulnerability

Back to Search

Microsoft IIS 4.0 Domain Resolution Vulnerability

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
12/31/1999
Created
07/25/2018
Added
11/01/2004
Modified
12/04/2013

Description

IIS 4.0 and CIS 2.5 allow an administrator the option to restrict access by specifying a domain or an IP address If a domain is restricted, but a machine in that domain that cannot be resolved makes an HTTP request, the IIS server will respond as usual. Any subsequent requests will be denied.

Restricted hosts with an IP address that can be resolved to a domain name will be denied access from the first request.

Solution(s)

  • http-iis-0032

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;