Solved

Web Server PROPFIND Method Internal IP Disclosure

Posted on 2011-03-01
2
1,833 Views
Last Modified: 2013-12-06
The remote installation of IIS leaks a private IP address through the
WebDAV interface. This may expose internal IP addresses that are
usually hidden or masked behind a Network Address Translation (NAT)
Firewall or proxy server.
This is typical of IIS installations that are not configured properly
please suggest to resolve this risk.
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 26

Accepted Solution

by:
Tony Johncock earned 500 total points
ID: 35006272
Well I don't know specifically for IIS 7, but earlier versions used to have the following workaround:

adsutil.vbs set w3svc/UseHostName True

Bear in mind though that I've heard reports of it breaking OWA.

0
 

Author Comment

by:Yogesh_Exchange_Expert
ID: 35024278
if we disable webdav then it will resolve the issue or not?
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
In this video we show how to create an email address policy in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Mail Flow…
This video demonstrates how to sync Microsoft Exchange Public Folders with smartphones using CodeTwo Exchange Sync and Exchange ActiveSync. To learn more about CodeTwo Exchange Sync and download the free trial, go to: http://www.codetwo.com/excha…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question