Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Internet Information Server returns IP address in HTTP header (Content-Location) - Vulnerability Database

Internet Information Server returns IP address in HTTP header (Content-Location)

Description

When you use static HTML pages (for example, Default.htm), a Content-Location header is added to the response. By default, in Internet Information Server (IIS), the Content-Location references the IP address of the server instead of the Fully Qualified Domain Name (FQDN) or Hostname.

Remediation

Check References for details on how to fix this problem.

References

IIS HTTP Host Header Injection Vulnerability Fix | Beyond Security

Related Vulnerabilities

Trace.axd Detected High
Common tags: Information Disclosure Configuration
Error page path disclosure Low
Common tags: Information Disclosure Configuration
JBoss JMX Console Unrestricted Access High
Common tags: Information Disclosure Configuration
JBoss Web Console JMX Invoker High
Common tags: Information Disclosure Configuration
Tomcat status page Low
Common tags: Information Disclosure Configuration

Severity

Low

Classification

CWE-200
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Information Disclosure
Configuration