Details
Alert ID 100013
Alert Type Script Passive
Status alpha
Risk Medium
CWE 200
WASC 13
Technologies Targeted All
Tags CWE-200
More Info Scan Rule Help

Summary

A private IP address such as 10.x.x.x, 172.x.x.x, 192.168.x.x, or IPv6 fe00:: has been found in the HTTP response body. This information might be helpful for further attacks targeting internal systems.

Solution

Remove the private IP address from the HTTP response body. For comments, use JSP/ASP comments instead of HTML/JavaScript comments, which can be seen by client browsers.
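To confirm the fix, a response body can be checked for remaining private addresses and for whether each one sits in a client-visible HTML comment. The following is an added example, not the ZAP script referenced on this page; the function names and sample body are constructed. It assumes the RFC 1918 IPv4 ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16), which is narrower than the 172.x.x.x shorthand in the summary, and it does not cover IPv6.

```javascript
// Added example (not ZAP's own code): report RFC 1918 IPv4 addresses in a
// response body and flag those inside client-visible HTML comments.

// Dotted quad that is not part of a longer dotted/numeric token (e.g. "10.1.2.3.4").
const DOTTED_QUAD = /(?<![\d.])(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})(?!\d|\.\d)/g;

function isPrivateIPv4(octets) {
  if (octets.some((o) => o > 255)) return false; // not a valid address
  const [a, b] = octets;
  return a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168);
}

// True when offset lies after an "<!--" that has not been closed before it.
function inHtmlComment(body, offset) {
  const open = body.lastIndexOf("<!--", offset);
  if (open === -1) return false;
  const close = body.indexOf("-->", open + 4);
  return close === -1 || close > offset; // unterminated comments still reach the client
}

function findPrivateIPs(body) {
  const findings = [];
  for (const m of body.matchAll(DOTTED_QUAD)) {
    const octets = m.slice(1, 5).map(Number);
    if (isPrivateIPv4(octets)) {
      findings.push({ ip: m[0], offset: m.index, inComment: inHtmlComment(body, m.index) });
    }
  }
  return findings;
}

// Constructed sample response body.
const sampleBody = [
  "<html><body>",
  "<!-- backend: 10.20.30.40 -->",
  "<script>var api = 'http://192.168.1.15:8080/v1';</script>",
  "<p>Mirror at 172.32.0.1, build 10.1.2.3.4, DNS 8.8.8.8</p>",
  "</body></html>",
].join("\n");

for (const f of findPrivateIPs(sampleBody)) {
  console.log(`${f.ip} at offset ${f.offset}${f.inComment ? " (inside HTML comment)" : ""}`);
}
```

Findings flagged as inside an HTML comment are the ones the JSP/ASP comment advice addresses; the others need the address removed from the generated markup or script itself.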

Other Info

References

Code

passive/Find Internal IPs.js