mailing list archives
RE: IIS Internal IP Address Disclosure (#NISR05032002B)
From: "David Litchfield" <david () nextgenss com>
Date: Wed, 6 Mar 2002 11:22:23 -0000
Yes - this was noted in the description of the problem.
Please note that the "workaround" has been documented in KB article
and has been discussed and referenced in the IIS4 and IIS5 security
checklists (since June 2000.)
At 05:58 PM 3/5/2002 +0000, David Litchfield wrote:
NGSSoftware Insight Security Research Advisory
Name: Internal IP Addresses and IIS
them formulate further attacks. This issue is similar to the issue
The details of this advisory discuss several other ways of getting the
IP address. The MS KB article discusses the Content-Location HTTP
header. This only happened if the default page was static in nature
(i.e. not an asp page). Many people may have neglected to use this
workaround as they do not use static content, thinking that, because of
this they weren't vulnerable.
As the advisory shows though there are many ways to get this
information. There will probably be more.