CVE-2002-0422

Name: CVE-2002-0422
Creator: NVD / NIST
Published: 2002-08-12T04:00:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 44.34%

Last modified Jun 16, 2026

CVE-2002-0422 is a vulnerability of currently unknown severity. IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.. EPSS estimates a 44.34% chance of exploitation in the next 30 days.

Description

IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.

Metrics

EPSS Probability

44.34%

98.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-200

Affected Software

Vendor	Product	Versions
Microsoft	Internet Information Services	5.0

References

Timeline

Published: Aug 12, 2002
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2002-0422?

How severe is CVE-2002-0422?

Severity scoring for CVE-2002-0422 is pending analysis. The EPSS model estimates a 44.34% probability of exploitation in the next 30 days.

How do I fix CVE-2002-0422?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2002-0422?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST