Re: MS IIS Internal IP Address/Hostname Vulnerability
From: Chris Weber [Security MVP] (chris_at_dev.nul)
Date: 06/15/05
- Next message: WohooWahoo: "Re: Win2003 Server/IIS 6.0 Anonymous Login not working"
- Previous message: Wade Barrett: "Anon and Intergrated security"
- In reply to: SteveC: "MS IIS Internal IP Address/Hostname Vulnerability"
- Next in thread: SteveC: "Re: MS IIS Internal IP Address/Hostname Vulnerability"
- Reply: SteveC: "Re: MS IIS Internal IP Address/Hostname Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 14 Jun 2005 22:18:17 -0700
That's the thing, it's not really a big deal. Sure it's information
disclosure, but what's in your hostname?
"SteveC" <SteveC@discussions.microsoft.com> wrote in message
news:9358889D-F4E8-4B3C-AF00-CBB1EB0BB1F7@microsoft.com...
> My vulnerability scanner is flagging my OWA website because of the MS IIS
> Internal IP Address/Hostname Vulnerability. I have issued the following
> command "adsutil set w3svc/UseHostName True" and rebooted the server. The
> vulnerability scan no longer picks up the internal IP address. However, it
> picks up the INTERNAL hostname and still flags me for the same
> vulnerability.
> That leaves me in catch22. Set the flag to True and use the internal
> hostname or False and display the IP address. Anyone know a fix for this?
> How can I get it to show my EXTERNAL hostname or IP address?
> Thanks
> --
> Steve
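
The catch-22 described in the quoted message, as an added example that is not part of the original thread: a small Python check that reads a captured response from your own server and reports whether a header exposes an RFC 1918 address or an internal machine name. The header names checked (`Content-Location`, `Location`), the single-label hostname heuristic, and the sample responses are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: headers that can carry the server's own address.
CHECKED_HEADERS = ("content-location", "location")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_headers(raw):
    """Return {lowercased name: value} from a raw HTTP response head."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:                         # blank line ends the head
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def classify_host(host):
    """Return 'internal-ip', 'internal-hostname', or None for a host string."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Heuristic (assumption): a single-label name is an internal machine name.
        return "internal-hostname" if "." not in host else None
    return "internal-ip" if any(ip in net for net in RFC1918) else None

def find_disclosures(raw):
    """List (header, host, kind) for each checked header exposing an internal name."""
    findings = []
    headers = parse_headers(raw)
    for name in CHECKED_HEADERS:
        host = urlsplit(headers.get(name, "")).hostname
        kind = classify_host(host) if host else None
        if kind:
            findings.append((name, host, kind))
    return findings

# Constructed sample responses, one per state described in the thread.
SAMPLES = {
    "UseHostName False": "HTTP/1.1 302 Found\r\nLocation: http://192.168.10.5/exchange/\r\n\r\n",
    "UseHostName True": "HTTP/1.1 302 Found\r\nLocation: http://MAILSRV01/exchange/\r\n\r\n",
    "external name": "HTTP/1.1 302 Found\r\nLocation: https://mail.example.com/exchange/\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", find_disclosures(raw) or "clean")
```

Both `UseHostName` settings produce a finding here, which is why the scanner in the quoted message keeps flagging the site after the change.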