Now Chatting

Hello, can I help you with anything?

Title:

Possible internal IP address disclosure, this information can be used to conduct further attacks.

Vulnerability:

It is possible that in a system or application error; an internal IP address is revealed. The problem with sending location information as part of the response, however, is that in some cases that location information could reveal more to end-users than is necessary for the user to get the web page they’re looking for.
Microsoft IIS Internal IP Address Disclosure Vulnerability
HEAD /directory HTTP/1.0[CRLF]
[CRLF]
or
PROPFIND / HTTP/1.1
Host:
Content-Length: 0
Also knowing IP could enable an attacker to exploit server configuration settings; if not configured securely for internal external network users. Also via IP attackers could exploit its OS and other patch level vulnerabilities to gain server access as admin or other user.

Solution:

Microsoft IIS Internal IP Address Disclosure Vulnerability

  • To prevent internal IP address disclosure take the following steps.
  • Open a command prompt and change the current directory to c:\inetpub\adminscripts or to where the adminscripts can be found.
  • Run the commands

    adsutil set w3svc/UseHostName True
    net stop iisadmin /y
    net start w3svc

This will cause the IIS server to use the machine's host name rather than its IP address.

Apache web server Internal IP Address Disclosure Vulnerability

  • Modify the Apache configuration file as follows:

 - Set "ServerName" to a proper FQDN.
Or
- Use module mod_rewrite to modify the 3xx error message returned by the server.

nginx web server Internal IP Address Disclosure Vulnerability

  • if the aws elb is passing host as IP force redirect to domain
  • this is for pci fixes

if ($host ~ "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}") {
rewrite ^/(.*) $scheme://www.somewebsite.com/$1 permanent;
}