Applicable to:
- Plesk for Linux
Symptoms
-
PCI compliance scan shows a warning:
CONFIG_TEXT: 1. Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability
8443 / tcp
CVE-2000-0649
The remote check for the webserver internal IP address sends an HTTP GET request to the target web server. The QID is flagged if a "Content-location:" header or a 3xx redirect address in an HTTP response contains an RFC1918 IP address.
2. Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability
8880 / tcp
CVE-2000-0649
The remote check for the webserver internal IP address sends an HTTP GET request to the target web server. The QID is flagged if a "Content-location:" header or a 3xx redirect address in an HTTP response contains an RFC1918 IP address.
Cause
Plesk bug #PPP-47782, which will be resolved in future product updates.
An attacker can create a specific HTTP1.0 request to the server and it will return the internal IP address of the host even if the server is behind a firewall or NAT, which will disclose the true internal IP address to the remote user.
Resolution
-
Connect to the server via SSH.
-
Set the proper and resolvable server hostname as described in the "Via CLI (Linux only)" section in this article.
-
Create the file
/etc/sw-cp-server/conf.d/server-name-plesk.inc# touch /etc/sw-cp-server/conf.d/server-name-plesk.inc
-
Edit file
/etc/sw-cp-server/conf.d/server-name-plesk.incand add following content to itCONFIG_TEXT: server_name example.com;
server_name_in_redirect on;Where 'example.com' is the server hostname.
-
(Optional) Disable support of the outdated HTTP 1.0 protocol:
-
Create the file
/etc/sw-cp-server/conf.d/disable-http-1.0-plesk.inc# touch /etc/sw-cp-server/conf.d/disable-http-1.0-plesk.inc
-
Edit file
/etc/sw-cp-server/conf.d/disable-http-1.0-plesk.incand add following content to itCONFIG_TEXT: if ($server_protocol = HTTP/1.0) {
return 444;
}
-
-
Restart the
sw-cp-serverservice:# service sw-cp-server restart
Comments
Please sign in to leave a comment.