We are all of suddenly failing our PCI Security Scan with Security Metrics. Nothing has changed other than forcing our store to use https. Anyone know what the culprit might be? It's leaking our private IP address in the headers.
This is the error message I am getting.
Web Server HTTP Header Internal IP Disclosure
This web server leaks a private IP address through its HTTP headers.
This may expose internal IP addresses that are usually hidden or masked
behind a Network Address Translation (NAT) Firewall or proxy server.
There is a known issue with Microsoft IIS 4.0 doing this in its default
configuration. This may also affect other web servers, web applications,
web proxies, load balancers and through a variety of misconfigurations
related to redirection. See also : http://www.nessus.org/u?fe24f941
http://support.microsoft.com/default.as ... US;Q218180
http://support.microsoft.com/default.as ... -US;834141
When processing the following request : GET / HTTP/1.0 this web server
leaks the following private IP address : 10.100.0.200 as found in the
following collection of HTTP headers : HTTP/1.1 301 Moved
Permanently Content-Type: text/html; charset=utf-8 Location:
https://10.100.0.200/ Server: Microsoft-IIS/8.5 X-Powered-By: ASP.NET
Date: Thu, 11 Oct 2018 23:14:20 GMT Connection: close Content-Length:
CVE Score Vector
CVE-2000-0649 4.0 (AV:N/AC:H/Au:N/C:P/I:N/A:N)
For general questions and discussions specific to the AbleCommerce GOLD ASP.Net shopping cart software.
1 post • Page 1 of 1