RE: IIS Internal IP Address Disclosure (#NISR05032002B)

From: David Litchfield (davidat_private)
Date: Wed Mar 06 2002 - 03:22:23 PST


    Yes - this was noted in the description of the problem. 
    
    >Please note that the "workaround" has been documented in KB article Q218180
    >(http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q218180&ID=KB;EN-US;Q218180)
    >and has been discussed and referenced in the IIS4 and IIS5 security
    >checklists (since June 2000.)
    
    
    
    At 05:58 PM 3/5/2002 +0000, David Litchfield wrote:
    >>NGSSoftware Insight Security Research Advisory
    >>
    >>Name:                   Internal IP Addresses and IIS
    ...SNIP...
    >>them formulate further attacks. This issue is similar to the issue
    >>documented at
    >>http://support.microsoft.com/default.aspx?scid=KB;EN-US;Q218180&id=KB;EN-US;Q218180
    
    
    The details of this advisory discuss several other ways of getting the
    IP address. The MS KB article discusses the Content-Location HTTP
    header. This only happened if the default page was static in nature
    (i.e. not an ASP page). Many people may have neglected to use this
    workaround as they do not use static content, thinking that, because of
    this, they weren't vulnerable.
    
    As the advisory shows, though, there are many ways to get this
    information. There will probably be more.
    
    Cheers,
    David Litchfield
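
Added example, not part of the original message or the advisory: a defender-side check for the Content-Location disclosure discussed above, generalized to scan every response header for RFC 1918 addresses because the message notes there are several ways to get the address. The function names, sample responses and addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges; an address from these in a public response is a leak.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_CANDIDATE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def parse_headers(raw_response):
    """Return (name, value) pairs from the header section of a raw HTTP response."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:          # skip the status line
        if line[:1] in (" ", "\t") and pairs:  # obsolete folded continuation
            name, value = pairs[-1]
            pairs[-1] = (name, value + " " + line.strip())
        elif ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip(), value.strip()))
    return pairs


def internal_ip_leaks(raw_response):
    """List (header name, address) for every RFC 1918 address in any header value."""
    leaks = []
    for name, value in parse_headers(raw_response):
        for candidate in IPV4_CANDIDATE.findall(value):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:                 # not a valid dotted quad, e.g. 999.1.1.1
                continue
            if any(addr in net for net in RFC1918):
                leaks.append((name, candidate))
    return leaks


# Constructed sample responses (not captured from a real server).
STATIC_DEFAULT = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n"
                  "Content-Location: http://10.1.1.5/Default.htm\r\n"
                  "Content-Type: text/html\r\n\r\n<html>10.9.9.9</html>")
HOSTNAME_RESPONSE = ("HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\n"
                     "Content-Location: http://www.example.com/Default.htm\r\n\r\n")

if __name__ == "__main__":
    for label, resp in (("static default", STATIC_DEFAULT), ("host name", HOSTNAME_RESPONSE)):
        print(label, internal_ip_leaks(resp))
```

Only the header section is inspected, so the address in the constructed body above is deliberately not reported; run it over responses saved from your own servers for each content type you serve, not only static pages.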
    


