From: pratiksha.doshi@niiconsulting.com
Date: Tue Sep 05 2006 - 03:08:21 EDT
I feel it should be given Low Threat rating as the attacker cannot directly
exploit it.
To prevent internal IP address disclosure take the following steps:
a) Open a command prompt and change the current directory to
c:\inetpub\adminscripts or to the directory where 'adminscripts' is located.
b) Execute the following commands:
adsutil set w3svc/UseHostName True
net stop iisadmin /y
net start w3svc
This change will force the IIS server to use the machine host name instead
of the IP address.
Thanks
Pratiksha
Penetration tester,NII Consulting
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:54 EDT