Penetration test revealed - Web server unknown location redirect uses private IP address

An auditor did a penetration test of our network and recommended we correct the following.

Following is exactly what they wrote....no more no less. I'm a little confused and I need to correct it today.

'Web server - unknown location redirect uses private IP address'
Asked by: bernardb

1 Solution

strickdd Commented:
This means that one of your server redirects is not using the domain or relative path to send the request from one site to another. Instead it is using the IP address of the server. This can occur with an IIS redirect or potentially redirecting to an error page.

I would suggest asking for the description and documentation from the testing tool about this error message to figure out what it means for the tool. I would also get the result from the test that should contain what the test was doing and where it was redirecting to.

bernardb (Author) Commented:
More info...it says the following

"Web server discloses private IP address
The web server is located behind a firewall. The firewall translates the public IP address of the web server (63.xxx.xxx.xxx) to a private IP address (10.xxx.xxx.xxx).
When the web server handles a request for an unknown location, it will redirect the browser to another location. This location includes the private IP address of the web server."

xxxxxxxx

The information provided by the web servers can be used by an attacker to enhance the effectiveness of as-yet unknown vulnerabilities.

xxxxxxxx

Your company should configure the web server to use the hostname  when redirecting browsers (instead of the IP address).

bernardb (Author) Commented:
No other responses? This is the info given to us by the auditors
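
One way to confirm the auditor's finding and to verify the fix afterwards, as an added example that is not part of the original thread: the Python code below parses a raw HTTP response and reports any `Location` or `Content-Location` header whose host is an RFC 1918 private address. The sample responses, the address 10.0.0.5 and the hostname www.example.com are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# RFC 1918 private ranges, the kind of address the audit report describes.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Response headers that can carry a server-generated URL.
URL_HEADERS = ("location", "content-location")

# Constructed sample responses (not captured from any real server).
LEAKY = ("HTTP/1.1 302 Found\r\n"
         "Location: http://10.0.0.5/missing/\r\n"
         "Content-Length: 0\r\n\r\n")
FIXED = ("HTTP/1.1 302 Found\r\n"
         "Location: http://www.example.com/missing/\r\n"
         "Content-Length: 0\r\n\r\n")

def parse_headers(raw_response):
    """Return (lowercased name, value) pairs from a raw HTTP response."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:        # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def private_host(url):
    """Return the URL's host if it is an RFC 1918 IP literal, else None."""
    try:
        host = urlsplit(url).hostname        # None for relative URLs
        addr = ipaddress.ip_address(host or "")
    except ValueError:                       # DNS name, relative or malformed URL
        return None
    if addr.version == 4 and any(addr in net for net in RFC1918):
        return host
    return None

def find_disclosures(raw_response):
    """List (header, private address) pairs disclosed by the response."""
    return [(name, host)
            for name, value in parse_headers(raw_response)
            if name in URL_HEADERS and (host := private_host(value))]

if __name__ == "__main__":
    print("before fix:", find_disclosures(LEAKY))
    print("after fix: ", find_disclosures(FIXED))
```

Run it against the headers recorded in the test result before and after changing the server configuration; an empty list means the redirect no longer exposes the internal address.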