While Internal IP Disclosure will not technically harm a website, the information captured may lead to a more
accurate attack in the future. By making particular requests to a web service with a blank Host HTTP client
header , the server might respond with information regarding the servers IP address. Using future requests
the hacker may be able to capture the internal IP of the web server giving the hacker a great insight to the
internal setup of web server network. IIS (Internet Information Services) has had many issue with this type of hack and has since been
patched.
WebSafe will test for Internal IP Disclosure:
If WebSafe’s test can requests can retrieve the IP address of the internal machine then the website is vulnerable to disclosing its IP address.
There is a simple fix for this website vulnerability.