Penetration Testing mailing list archives
Fix for Internal IP address leak in OWA. (Very old)
From: "wirepair" <wirepair () roguemail net>
Date: Wed, 04 Feb 2004 11:44:25 -0800
lo all, I realize i'm starting to sound like a broken record, but after searching for an hour or two and coming up with nothing regarding the vulnerability found in 2001 for the GET /folder HTTP/1.0 leaks internal ip. I found that the suggested fixes only worked for a regular IIS installation. OWA was completely different and I had to take pretty drastic steps to stop the information leak. Any ways here are my results and I hope this helps someone out there :) http://sh0dan.org/files/owaipleakfix.html -wire -- Visit Things From Another World for the best comics, movies, toys, collectibles and more. http://www.tfaw.com/?qt=wmf --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Fix for Internal IP address leak in OWA. (Very old) wirepair (Feb 05)