The host is running Microsoft IIS Webserver and is prone to IP address disclosure vulnerability.
Successful exploitation will allow remote attackers to gain internal IP address or internal network name, which could assist in further attacks against the target host. Impact Level: Application
Apply the hotfix for IIS 6.0 from below link http://support.microsoft.com/kb/834141/#top
The flaw is due to an error while processing 'GET' request. When MS IIS receives a GET request without a host header, the Web server will reveal the IP address of the server in the content-location field or the location field in the TCP header in the response.
Microsoft Internet Information Services version 4.0, 5.0, 5.1 and 6.0 Workaround: Apply workaround from below link for IIS 4.0, 5.0 and 5.1 http://support.microsoft.com/default.aspx?scid=KB EN-US Q218180
- Apache 'mod_proxy_http' 2.2.9 for Unix Timeout Handling Information Disclosure Vulnerability
- Apache HTTP Server 'httpOnly' Cookie Information Disclosure Vulnerability
- GoAhead WebServer 'name' and 'address' Cross-Site Scripting Vulnerabilities
- Cherokee Web Server Malformed Packet Remote Denial of Service Vulnerability
- IBM WebSphere Application Multiple Vulnerabilities Jul-11