Web Server HTTP Header Internal IP Disclosure
Testing for this vulnerability follows basically the same procedure as the previous one, but this time the GET request goes to the root of the web server instead of autodiscover.xml.
Connect to your Exchange server using OpenSSL as shown below.
openssl s_client -host host.domain.com -port 443
Once the above OpenSSL command is waiting for input, paste and execute the following in the same terminal (a GET request for the root page of the web server).
GET / HTTP/1.0
Notice that the response kindly reveals the internal IP address in the Location: header.
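To check the response automatically instead of reading it by eye, the following added example (not part of the original page) scans the header section of a raw HTTP response for RFC 1918 addresses. The function names `find_internal_ips` and `sample_response` and the sample response are constructed for illustration; the commented live command uses `-quiet` and `-connect` in place of the interactive session above.

```shell
#!/bin/sh
# Added example: report private (RFC 1918) IPv4 addresses that appear in
# HTTP response headers such as Location:.

# Reads a raw HTTP response on stdin and prints "Header<TAB>address" for each
# private address found in the headers. Returns 0 if any were found, 1 if not.
# Anything before the status line (e.g. s_client handshake text) is skipped,
# and scanning stops at the blank line that ends the headers.
find_internal_ips() {
    tr -d '\r' | awk '
        !started { if ($0 ~ /^HTTP\//) started = 1; next }  # skip to status line
        /^$/     { exit }                                   # end of headers
        {
            name = $0; sub(/:.*/, "", name)                 # header name
            rest = $0
            # Walk every dotted quad on the line, keep only private ranges.
            while (match(rest, /[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+/)) {
                ip = substr(rest, RSTART, RLENGTH)
                rest = substr(rest, RSTART + RLENGTH)
                if (ip ~ /^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) {
                    printf "%s\t%s\n", name, ip
                    found = 1
                }
            }
        }
        END { exit !found }'
}

# Constructed sample response (not captured from a real server).
sample_response() {
    printf 'HTTP/1.1 302 Found\r\n'
    printf 'Location: https://192.168.10.25/owa/\r\n'
    printf 'Server: Microsoft-IIS/10.0\r\n'
    printf '\r\n'
}

sample_response | find_internal_ips

# Live check against your own server (same request as above, sent non-interactively):
#   printf 'GET / HTTP/1.0\r\n\r\n' |
#     openssl s_client -quiet -connect host.domain.com:443 2>/dev/null |
#     find_internal_ips
```

An exit status of 1 with no output means no private address appeared in the headers, which is the result to expect after the disclosure has been fixed.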
