I ran a nessus can against my ignition 7.3.1 gateway. This gateway is accessable from the Internet via a single port forward through the firewall.
Overall, I am happy with the results of the scan with one exception. For some reason the web server is exposing my internal IP address assigned to the gateway.
This is an excerpt from the report outlining this:
[quote]Web Server HTTP Header Internal IP Disclosure
Synopsis
f1This web server leaks a private IP address through its HTTP headers.
List of Hosts
b0
f1 flintrock.wcid17.org
Plugin Output
f3
When processing the following request :
GET / HTTP/1.0
this web server leaks the following private IP address :
192.168.10.21
as found in the following collection of HTTP headers :
HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: 192.168.10.21:8088/main
Content-Length: 0
Date: Tue, 22 Nov 2011 18:21:07 GMT
Connection: close
Description
f1This may expose internal IP addresses that are usually hidden or
masked behind a Network Address Translation (NAT) Firewall or proxy
server.
There is a known issue with Microsoft IIS 4.0 doing this in its default
configuration. This may also affect other web servers, web applications,
web proxies, load balancers and through a variety of misconfigurations
related to redirection.
Solution
f1None
See also
f1http://support.microsoft.com/support/ … 8/1/80.ASP
Risk Factor
f1Low/ CVSS Base Score: 2.6
(CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N)
CVSS Temporal Score: 2.6(CVSS2#E:H/RL:U/RC:C)
CVE
f1CVE-2000-0649
Bugtraq ID
f11499
Other References
f1OSVDB:630
CWE:200
Vulnerability publication date: 2000/07/13
Plugin publication date: 2001/09/14
Plugin last modification date: 2011/06/01
Ease of exploitability : No exploit is required
[/quote]
The only place that I see in my gateway configuration where this address is defined is under the OPC-UA Settings section under Endpoint Address.
Any thoughts?
