Internal IP Address Disclosure
- CAPEC 118
- CWE 200
- WASC 13
- OWASP PC-C7
This issue requires manual confirmation.
Internal IP Address Disclosure occurs when web applications or server responses reveal internal network addresses, hostnames, or private infrastructure details. This information can be exposed through HTTP headers (e.g., X-Forwarded-For, Via), error messages, comments, or configuration files. Attackers can leverage internal IPs to map network topology, identify private services, or plan targeted attacks such as lateral movement, SSRF (Server-Side Request Forgery), or internal network exploitation.
Common patterns leading to internal IP disclosure:
- Inclusion of internal IPs in HTTP headers or response bodies.
- Verbose error messages displaying server IPs or network configurations.
- Comments in HTML, JavaScript, or configuration files containing internal addresses.
- Misconfigured proxies or reverse proxies revealing internal infrastructure.
Impacts:
- Network Reconnaissance: Attackers can map internal networks and identify reachable hosts.
- Facilitates Targeted Attacks: Knowledge of internal IPs may aid SSRF, RCE, or other network-based attacks.
- Increased Attack Surface: Exposed infrastructure details allow attackers to focus on vulnerable internal services.
- Compliance Risks: Disclosure of internal network details may violate organizational security policies.
Detection indicators:
- HTTP responses containing internal IP addresses or hostnames.
- Security scanners flagging private IPs returned in server responses.
- Publicly accessible documentation or files revealing internal network information.
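The first two indicators can be checked automatically. The following Python example is added here and is not from the original page: it flags RFC 1918 addresses in the headers and body of an HTTP response. The function names, the X-Backend-Server header and the sample response are constructed for illustration, and treating only the RFC 1918 ranges as "internal" is an assumption.

```python
import ipaddress
import re

# RFC 1918 private IPv4 ranges (assumption: extend with any other ranges
# your organization treats as internal).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quad that is not embedded in a longer dotted number (version strings).
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?!\.?\d)")


def private_ips(text):
    """Return the distinct RFC 1918 addresses in text, in order of appearance."""
    found = []
    for candidate in IPV4_RE.findall(text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:  # octet > 255, leading zeros, etc.
            continue
        if any(addr in net for net in PRIVATE_NETS) and candidate not in found:
            found.append(candidate)
    return found


def scan_response(headers, body):
    """Return (location, ip) findings for one HTTP response."""
    findings = []
    for name, value in headers.items():
        findings += [(f"header:{name}", ip) for ip in private_ips(value)]
    findings += [("body", ip) for ip in private_ips(body)]
    return findings


# Constructed sample response (not captured from a real system).
SAMPLE_HEADERS = {
    "Server": "nginx",
    "Via": "1.1 10.20.30.40:8080",
    "X-Backend-Server": "192.168.1.20",
}
SAMPLE_BODY = """<html><!-- db host: 10.0.5.12 -->
<p>Connection to 172.16.4.10:5432 refused.</p>
<p>Resolver 8.8.8.8, build 1.10.0.0.1, peer 172.32.0.1, bad 10.0.0.999</p>
</html>"""

if __name__ == "__main__":
    for location, ip in scan_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(f"{location}: {ip}")
```

Each finding still needs manual confirmation, since a private address in a response may be user-supplied or example text rather than a real internal host.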
Remediation
Mitigation focuses on masking internal network details and secure server configuration:
- Remove Internal IPs from Responses: Do not expose internal addresses in HTTP headers, error messages, or HTML content.
- Configure Proxies Properly: Ensure reverse proxies or load balancers do not leak internal IPs in headers like X-Forwarded-For.
- Sanitize Error Messages and Logs: Display generic messages to users and log detailed network information internally.
- Review and Remove Comments: Avoid including network or IP information in HTML, JavaScript, or configuration comments.
- Monitor and Audit Network Exposure: Regularly scan for any inadvertent internal IP disclosures.
- Security Testing: Include internal IP discovery and SSRF testing during penetration tests.
- Educate Developers and Administrators: Raise awareness about risks of exposing internal infrastructure and network addresses.