header-logo
Suggest Exploit
vendor:
Real Server
by:
SecurityFocus
2.6
CVSS
LOW
IP Address Disclosure
200
CWE
Product Name: Real Server
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: WinNT Version 6.0.3.303
2002

Real Server IP Address Disclosure Vulnerability

Real Server includes the IP address of the server in data sent to the client. If the Real Server is installed on a machine in a NAT environment, (where requests from the outside network are handled by reverse proxy), this will reveal what are supposed to be private, hidden IP addresses.

Mitigation:

Ensure that the Real Server is not installed on a machine in a NAT environment.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1049/info

By default, Real Server includes the IP address of the server in data sent to the client. If the Real Server is installed on a machine in a NAT environment, (where requests from the outside network are handled by reverse proxy), this will reveal what are supposed to be private, hidden IP addresses.

$ GET http://realg2.example.com:8080/ramgen/foo.rm
reveals-
rtsp://192.168.11.12:554/foo.rm
--stop--
pnm://192.168.11.12:7070/foo.rm
server info:
WinNT Version 6.0.3.303

Navigation

Suggest Exploit

Services By CQR