Summary
The host is running Microsoft IIS Webserver and is prone to an IP address disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to obtain the internal IP address or internal network name, which could assist in further attacks against the target host.
Impact Level: Application
Solution
Apply the hotfix for IIS 6.0 from the link below:
http://support.microsoft.com/kb/834141/#top
Insight
The flaw is due to an error in processing 'GET' requests. When Microsoft IIS receives a GET request without a Host header, the web server reveals its IP address in the Content-Location field or the Location field of the response headers.
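A check for the disclosure described above, run over captured response headers. This is an added example, not part of the original advisory or any scanner's own code; the function names and the sample responses are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample responses (not captured from a real host).
SAMPLE_LEAKY = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/6.0\r\n"
                "Content-Location: http://10.0.0.5/Default.htm\r\n"
                "Content-Type: text/html\r\n\r\n<html></html>")
SAMPLE_REDIRECT = ("HTTP/1.1 302 Object Moved\r\n"
                   "Location: http://WEB01/images/\r\n\r\n")
SAMPLE_FIXED = ("HTTP/1.1 200 OK\r\n"
                "Content-Location: http://www.example.com/Default.htm\r\n\r\n")

# The two response fields the advisory names.
LEAK_HEADERS = ("content-location", "location")


def parse_headers(raw_response):
    """Return [(lowercased name, value), ...] from a raw HTTP response head."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    headers = []
    for line in head.split("\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def find_internal_address_leaks(raw_response):
    """Return (header, host, kind) for each internal IP or name disclosed."""
    leaks = []
    for name, value in parse_headers(raw_response):
        if name not in LEAK_HEADERS:
            continue
        host = urlsplit(value).hostname
        if host is None:  # relative URL, nothing disclosed
            continue
        try:
            addr = ipaddress.ip_address(host)
        except ValueError:
            # Not an IP literal: an unqualified name suggests an internal host name.
            if "." not in host:
                leaks.append((name, host, "unqualified-name"))
            continue
        if addr.is_private or addr.is_loopback or addr.is_link_local:
            leaks.append((name, host, "private-ip"))
    return leaks
```

Feed it the response head recorded from a request to your own server before and after applying the hotfix or workaround; an empty list means neither field carries an internal address or name.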
Affected
Microsoft Internet Information Services version 4.0, 5.0, 5.1 and 6.0
Workaround:
Apply the workaround from the link below for IIS 4.0, 5.0 and 5.1:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q218180
References
Severity
Classification
-
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N