ittech
Level 13

Compliance after a pen test

We did a pen test and a lot of our servers came back with this vulnerability:

Web Server Internal IP address or network name available
CVSS Base: 5

PCI Impact: Noncompliant

An attacker could determine information about your internal network structure from information in HTTP headers.

Web Server Internal IP address available

Certain connections to web servers using commands such as GET, PROPFIND, or HEAD may reveal internal IP addresses.

Industry References:

More information on the "Web Server Internal IP address available" finding for IIS web servers is available at http://www.securityfocus.com/bid/1499 (Bugtraq ID 1499). CVE-2000-0649, CVE-2002-0419

Additional Information:

Service: http
Sent: /
Received: Via: 1.0 172.23.16.8 (McAfee Web Gateway 7.2.0.2.0.13603)

Does anyone know how I can fix this on the MWG7?

Thanks

3 Replies
McAfee Employee

Re: Compliance after a pen test

Hi!

That's just talking about the "Via" and likely "X-Forwarded-For" headers; you can disable or obfuscate them using our best practice:

Additionally, you are on quite an old version (7.2.0.2); you might want to consider upgrading as well.

Best Regards,

Jon Scholten

ittech
Level 13

Re: Compliance after a pen test

Thanks Jon!

I've already upgraded to 7.4.2.3.0, which I hope is the most recent.

Also, does it matter where this goes in my rule set? I was thinking it should be at the top, but I'm not sure if that will affect my other rules (e.g. "Skip subsequent rules for ePO requests" and "Block Access to SiteAdvisor stand down detection site").

Thanks for the help

McAfee Employee

Re: Compliance after a pen test

Glad to hear it!

It does matter; you should put this towards the top. You can put it below the rule sets you mentioned.

Best Regards,

Jon
