Possible internal IP address disclosure, this information can be used to conduct further attacks.
It is possible that in a system or application error; an internal IP address is revealed. The problem with sending location information as part of the response, however, is that in some cases that location information could reveal more to end-users than is necessary for the user to get the web page they?re looking for.
Microsoft IIS Internal IP Address Disclosure Vulnerability
HEAD /directory HTTP/1.0[CRLF]
[CRLF]
or
PROPFIND / HTTP/1.1
Host:
Content-Length: 0
Also knowing IP could enable an attacker to exploit server configuration settings; if not configured securely for internal external network users. Also via IP attackers could exploit its OS and other patch level vulnerabilities to gain server access as admin or other user.
Microsoft IIS Internal IP Address Disclosure Vulnerability
This will cause the IIS server to use the machine's host name rather than its IP address.
Apache web server Internal IP Address Disclosure Vulnerability
- Set "ServerName" to a proper FQDN.
Or
- Use module mod_rewrite to modify the 3xx error message returned by the server.
nginx web server Internal IP Address Disclosure Vulnerability
if ($host ~ "\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}") {
rewrite ^/(.*) $scheme://www.somewebsite.com/$1 permanent;
}