Internal IP Address Disclosure

  • CAPEC 118
  • CWE 200
  • WASC 13

Discovering the private addresses used within an organization can help an attacker in carrying out network-layer attacks aiming to penetrate the organization's internal infrastructure.

Attacker may also use the disclosed IP address to check SSRF (Server Side Request Forgery) vulnerability or to exploit non-HTTP protocols.

This issue may be a false positive and manual confirmation is required.