• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2005
  • Last Modified:

Web Server PROPFIND Method Internal IP Disclosure

The remote installation of IIS leaks a private IP address through the
WebDAV interface. This may expose internal IP addresses that are
usually hidden or masked behind a Network Address Translation (NAT)
Firewall or proxy server.
This is typical of IIS installations that are not configured properly
please suggest to resolve this risk.
1 Solution
Tony JLead Technical ArchitectCommented:
Well I don't know specifically for IIS 7, but earlier versions used to have the following workaround:

adsutil.vbs set w3svc/UseHostName True

Bear in mind though that I've heard reports of it breaking OWA.

Yogesh_Exchange_ExpertAuthor Commented:
if we disable webdav then it will resolve the issue or not?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now