Bugtraq mailing list archives
RE: IIS Internal IP Address Disclosure (#NISR05032002B)
From: "David Litchfield" <david () nextgenss com>
Date: Wed, 6 Mar 2002 11:22:23 -0000
Yes - this was noted in the description of the problem.
Please note that the "workaround" has been documented in KB article
Q218180
(http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q218180&ID=KB;
EN->US;Q218180)
and has been discussed and referenced in the IIS4 and IIS5 security checklists (since June 2000.)
At 05:58 PM 3/5/2002 +0000, David Litchfield wrote:
NGSSoftware Insight Security Research Advisory Name: Internal IP Addresses and IIS
...SNIP...
them formulate further attacks. This issue is similar to the issue documented at http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q218180&id=KB;
EN
-US;Q218180
The details of this advisory discuss several other ways of getting the IP address. The MS KB article discusses the Content-Location HTTP header. This only happened if the default page was static in nature (i.e. not an asp page). Many people may have neglected to use this workaround as they do not use static content, thinking that, because of this they weren't vulnerable. As the advisory shows though there are many ways to get this information. There will probably be more. Cheers, David Litchfield
Current thread:
- IIS Internal IP Address Disclosure (#NISR05032002B) David Litchfield (Mar 05)
- Re: IIS Internal IP Address Disclosure (#NISR05032002B) Eric (Mar 06)
- RE: IIS Internal IP Address Disclosure (#NISR05032002B) David Litchfield (Mar 08)
- Re: IIS Internal IP Address Disclosure (#NISR05032002B) Eric (Mar 06)