| VID |
21952 |
| Severity |
20 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The Web server has a Web page containing private IP addresses in the HTTP response body. Private IP addresses are used either to hide systems from the public Internet or to provide an additional range of addresses to organizations that do not have sufficient public IP addresses to distribute on their network. The networking community has set aside a group of IP addresses to be used as private IP addresses for internal networks. The most common private IP addresses look like: 10.xxx.xxx.xxx, 172.(16-31).xxx.xxx or 192.168.xxx.xxx. All other IP addresses which are not specifically set aside to be used as private IP addresses are called public IP addresses. This might help a remote attacker to launch further attacks against the affected system.
* Note: This check solely relied on string pattern matching from the HTTP response body to assess this vulnerability, which patterns could appear multiple times on technical documentation pages, in this case it might be a false positive.
* References:
http://rfc.net/rfc1918.html
* Platforms Affected:
Any HTTP server Any version
Any operating system Any version |
| Recommendation |
This problem can be due to several reasons:
1. In case of disclosing the private IP in the application or web server error messages, this can be solved by determining where to turn off detailed error messages in the application or web server.
2. In case disclosing the private IP in a comment located in the source of the web page, this can easily be solved by removing it from the source of the page or by using jsp/asp comment instead of HTML/javascript comment which can be seen by client browsers. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
