Description
IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.
Remediation
References
Related Vulnerabilities
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.6)
WordPress Plugin ZoomSounds-WordPress Wave Audio Player with Playlist Arbitrary File Upload (2.0)
WordPress Plugin Auto Prune Posts Cross-Site Request Forgery (1.8.0)
WordPress Plugin Royal PrettyPhoto Cross-Site Scripting (1.2)
WordPress Plugin WP Product Review Lite Unspecified Vulnerability (3.7.6)