Solved

Web Server PROPFIND Method Internal IP Disclosure

Posted on 2011-03-01
2
1,864 Views
Last Modified: 2013-12-06
The remote installation of IIS leaks a private IP address through the
WebDAV interface. This may expose internal IP addresses that are
usually hidden or masked behind a Network Address Translation (NAT)
Firewall or proxy server.
This is typical of IIS installations that are not configured properly
please suggest to resolve this risk.
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 26

Accepted Solution

by:
Tony Johncock earned 500 total points
ID: 35006272
Well I don't know specifically for IIS 7, but earlier versions used to have the following workaround:

adsutil.vbs set w3svc/UseHostName True

Bear in mind though that I've heard reports of it breaking OWA.

0
 

Author Comment

by:Yogesh_Exchange_Expert
ID: 35024278
if we disable webdav then it will resolve the issue or not?
0

Featured Post

Online Training Solution

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action. Forget about retraining and skyrocket knowledge retention rates.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
Unified and professional email signatures help maintain a consistent company brand image to the outside world. This article shows how to create an email signature in Exchange Server 2010 using a transport rule and how to overcome native limitations …
how to add IIS SMTP to handle application/Scanner relays into office 365.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Suggested Courses
Course of the Month4 days, 15 hours left to enroll

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question