Private IP Disclosure

Risk:
Low

Type:
Passive

CWE:
CWE-200

Summary: A private IP (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body. This information might be helpful for further attacks targeting internal systems.

Solution: Remove the private IP address from the HTTP response body. For comments, use JSP/ASP/PHP comment instead of HTML/JavaScript comment which can be seen by client browsers.

Other info: 192.168.36.127

References: https://tools.ietf.org/html/rfc1918

Free security scan for your website

Don't show website scan report rating on the leaderboard