Closed Nibeck1309 closed 5 months ago
What exactly is the issue here? The text is about IIS which is not in use at all. Please provide more details and the attack vector.
Hello, The problem is as follows: `This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server.
Apache returns the internal IP address in the location. this is an apache configuration problem.
Could you please do the necessary?
It seems that your instance is behind some proxy server that calls it with the internal IP. In this case, the proxy server needs to rewrite location headers to match the proper domain name.
Our vulnerability scanner (tenable) scans directly on the docker server where our lam instance is deployed. The instance is not behind a proxy server
This explains why you get a redirect to an internal IP. You need to recheck if this also happens when you call the instance with its external DNS name.
Description : `This may expose internal IP addresses that are usually hidden or masked behind a Network Address Translation (NAT) Firewall or proxy server.
There is a known issue with Microsoft IIS 4.0 doing this in its default configuration. This may also affect other web servers, web applications, web proxies, load balancers and through a variety of misconfigurations related to redirection.`
Output from most recent scan