IIS/Apache contains a vulnerability that may disclose your internal IP address or internal network name to remote attackers-How to resolve it.

Posted on 2009-04-24
Last Modified: 2013-12-04
Microsoft IIS contains a vulnerability that may disclose your internal IP address or internal network name to remote attackers-How to resolve it or same problem we are getting from Apache running on UNIX.
I checked for the solution on: , but it is saying about FQDN, while I want to put my host name only (for internal server)...Is it possible and How...?
Question by:Brijeshk9

    Author Comment

    any Solution...?
    LVL 22

    Expert Comment

    I am not seeing that this is an error with just Apache.
    If you are running IIS with mod_jk to pass requests for jsp pages to Tomcat then you could/would have this problem ... but the problem is specific to IIS.

    The fix is still the same as in the document/page you referenced.  You do not have to use the FQDN, you should be able to run the adsutil script and replace the content using just the server name.
    LVL 22

    Accepted Solution

    If you click through to the IIS 6 solution page ( they give you the command for setHostName which should allow you to over ride the default of the FQDN and use what ever you want.
    LVL 61

    Assisted Solution

    For Apache - just set hostname to hostname or, so that apache never uses IP address in headers.

    Author Closing Comment


    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    This is a guide to the following problem (not exclusive but here) on Windows: Users need our support and we supporters often use global administrative accounts to do this. Using these accounts safely is a real challenge. Any admin who takes se…
    When it comes to showing a 404 error page to your visitors, you do not want that generic page to show, and you especially do not want your hosting provider’s ad error page to show either. In this article, I will show you how to enable the custom 40…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

    737 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now