none
Exchange 2013 进行PCI扫描后发现IIS Web Server Reveals its Internal IP Address RRS feed

  • Question

  • 您好,前一段时间进行了Exchange 邮件服务器的PCI扫描测试。 测试结果显示邮件服务器 IIS Web Server Reveals its Internal IP Address.

    Using a specially crafted request, it is possible to find out the internal IP address of the web server (i.e. its
    real address, rather than the NAT address that is presented to the Internet). This creates an information
    leak that may be of use to a hacker investigating the server prior to launching an attack.

    目前系统信息如下:

    服务器OS: Windows 2012 R2 Std

    Exchange :  Exchange 2013

    麻烦提供下相应办法看看如何解决这个问题。

    谢谢

    • Moved by Manu Meng Wednesday, November 21, 2018 1:58 AM Because it is
    Wednesday, November 7, 2018 12:55 PM

All replies

  • 您好,

    根据我的研究,这个问题与IIS web 服务器的安全性有关,可能需要修改 Http 请求的 host header,鉴于这个问题更多偏向于IIS方向而非Exchange服务器方向,我们建议您到IIS论坛提问。

    感谢您的理解!

    此致,

    敬礼

    Manu Meng


    如果以上回复对您有所帮助,建议您将其“标记为答复”. 如果您对我们的论坛支持有任何的建议,可以通过此邮箱联系我们:tnsf@microsoft.com.

    点击了解更多,或者访问我们的专用论坛,与我们的技术专家一起分享探索 Microsoft Teams.

    • Proposed as answer by Manu Meng Monday, November 12, 2018 10:09 AM
    Thursday, November 8, 2018 6:24 AM