|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Marc Maiffret (marc
eeye.com)Date: Thu Aug 09 2001 - 15:22:39 CDT
this isnt just for HTTPS... this can occur on plain HTTP also depending on
how someone has setup. If you have an IIS web server you should not use "all
ip addresses" for a web and instead pick the specific IP so that way IIS
does not accidently return internal IP's etc....
Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Web Application Firewall
|| -----Original Message-----
|| From: marek_royhotmail.com [mailto:marek_royhotmail.com]
|| Sent: Tuesday, August 07, 2001 9:55 PM
|| To: bugtraqsecurityfocus.com
|| Subject: Internal IP Address Disclosure in Microsoft-IIS 4.0 & 5.0
||
||
|| GGS-AU / e-Synergies Security Advisory
|| August 8, 2001
||
|| Internal IP Address Disclosure in Microsoft-IIS 4.0 &
|| 5.0
||
|| Synopsis:
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]