Yes - this was noted in the description of the problem.

>Please note that the "workaround" has been documented in KB article
Q218180
>(http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q218180&ID=KB;
EN->US;Q218180)
>and has been discussed and referenced in the IIS4 and IIS5 security
>checklists (since June 2000.)

At 05:58 PM 3/5/2002 +0000, David Litchfield wrote:
>>NGSSoftware Insight Security Research Advisory
>>
>>Name: Internal IP Addresses and IIS
...SNIP...
>>them formulate further attacks. This issue is similar to the issue
>>documented at
>>http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q218180&id=KB;
EN
>>-US;Q218180

The details of this advisory discuss several other ways of getting the
IP address. The MS KB article discusses the Content-Location HTTP
header. This only happened if the default page was static in nature
(i.e. not an asp page). Many people may have neglected to use this
workaround as they do not use static content, thinking that, because of
this they weren't vulnerable.

As the advisory shows though there are many ways to get this
information. There will probably be more.

Cheers,
David Litchfield

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]