Bugtraq mailing list archives
RE: Internal IP Address Disclosure in Microsoft-IIS 4.0 & 5.0
From: "Marc Maiffret" <marc () eeye com>
Date: Thu, 9 Aug 2001 13:22:39 -0700
this isnt just for HTTPS... this can occur on plain HTTP also depending on how someone has setup. If you have an IIS web server you should not use "all ip addresses" for a web and instead pick the specific IP so that way IIS does not accidently return internal IP's etc.... Signed, Marc Maiffret Chief Hacking Officer eEye Digital Security T.949.349.9062 F.949.349.9538 http://eEye.com/Retina - Network Security Scanner http://eEye.com/Iris - Network Traffic Analyzer http://eEye.com/SecureIIS - Web Application Firewall || -----Original Message----- || From: marek_roy () hotmail com [mailto:marek_roy () hotmail com] || Sent: Tuesday, August 07, 2001 9:55 PM || To: bugtraq () securityfocus com || Subject: Internal IP Address Disclosure in Microsoft-IIS 4.0 & 5.0 || || || GGS-AU / e-Synergies Security Advisory || August 8, 2001 || || Internal IP Address Disclosure in Microsoft-IIS 4.0 & || 5.0 || || Synopsis:
Current thread:
- Internal IP Address Disclosure in Microsoft-IIS 4.0 & 5.0 Marek Roy (Aug 08)
- <Possible follow-ups>
- RE: Internal IP Address Disclosure in Microsoft-IIS 4.0 & 5.0 Marc Maiffret (Aug 09)
- Re: Internal IP Address Disclosure in Microsoft-IIS 4.0 & 5.0 H D Moore (Aug 10)
- RE: Internal IP Address Disclosure in Microsoft-IIS 4.0 & 5.0 Microsoft Security Response Center (Aug 09)