The host is running Microsoft IIS Webserver and is prone to IP address disclosure vulnerability.

Successful exploitation will allow remote attackers to gain internal IP address or internal network name, which could assist in further attacks against the target host. Impact Level: Application

Apply the hotfix for IIS 6.0 from below link http://support.microsoft.com/kb/834141/#top

The flaw is due to an error while processing 'GET' request. When MS IIS receives a GET request without a host header, the Web server will reveal the IP address of the server in the content-location field or the location field in the TCP header in the response.

Microsoft Internet Information Services version 4.0, 5.0, 5.1 and 6.0 Workaround: Apply workaround from below link for IIS 4.0, 5.0 and 5.1 http://support.microsoft.com/default.aspx?scid=KB EN-US Q218180

• http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q218180
• http://support.microsoft.com/kb/834141/
• http://www.securityfocus.com/bid/3159/info

---

Updated on 2017-03-28