3 Replies Latest reply on Oct 16, 2014 5:38 PM by Jon Scholten

    Compliance after a pen test

    ittech

      We did a pen test and a lot of our servers came back with this vulnerability:

       

      Web Server Internal IP address or network name available CVSS Base: 5

       

      PCI Impact: Noncompliant

                An attacker could determine information about your internal network structure from information in http headers.

                Web Server Internal IP address available

      Certain connections to web servers using commands such as GET, PROPFIND, or HEAD may reveal internal IP addresses.

       

      Industry References:

      More information on the Web Server Internal IP address available for the IIS web servers is available at  [http://www.securityfocus.com/bid/1499] Bugtraq ID 1499. CVE-2000-0649 CVE-2002-0419

       

      Additional Information:

      Service: http Sent: / Received: Via: 1.0 172.23.16.8 (McAfee Web Gateway 7.2.0.2.0.13603)

       

      Does anyone know how I can fix this on the MWG7?

       

      Thanks
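A way to re-check a server for this finding after any configuration change, as an added example that is not part of the original post: the Python below parses a raw HTTP response head and reports RFC 1918, loopback or link-local IPv4 addresses in proxy-related headers. The header list, the function names and both sample responses are assumptions constructed here; only the Via value in the first sample is taken from the scan output above.

```python
import ipaddress
import re

# Assumed list of headers worth checking; extend it for your environment.
CHECKED = {"via", "location", "content-location", "x-forwarded-for"}
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16")]                 # loopback, link-local
# Dotted quad not embedded in a longer dotted number such as a version string.
IPV4 = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def parse_headers(raw):
    """Return [(name, value)] from a raw HTTP response head."""
    headers = []
    for line in raw.replace("\r\n", "\n").split("\n")[1:]:  # skip status line
        if not line:
            break  # blank line ends the header block
        if line[0] in " \t" and headers:  # obsolete folded continuation
            name, value = headers[-1]
            headers[-1] = (name, value + " " + line.strip())
            continue
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip(), value.strip()))
    return headers

def internal_addresses(raw):
    """Return [(header, address)] for internal IPv4 addresses in CHECKED headers."""
    findings = []
    for name, value in parse_headers(raw):
        if name.lower() not in CHECKED:
            continue
        for candidate in IPV4.findall(value):
            try:
                addr = ipaddress.ip_address(candidate)
            except ValueError:
                continue  # not a valid address, e.g. 999.1.1.1
            if any(addr in net for net in INTERNAL):
                findings.append((name, str(addr)))
    return findings

# Constructed responses; only the first Via value comes from the scan output.
BEFORE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
          "Via: 1.0 172.23.16.8 (McAfee Web Gateway 7.2.0.2.0.13603)\r\n\r\n")
AFTER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
         "Via: 1.0 gateway (McAfee Web Gateway 7.2.0.2.0.13603)\r\n\r\n")

if __name__ == "__main__":
    print(internal_addresses(BEFORE))
    print(internal_addresses(AFTER))
```

The second sample uses a pseudonym in place of the address in the Via header, which is a constructed illustration of a clean result and not a statement of how MWG7 is configured.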