Knowledge Base

[BUG] PCI compliance scan shows a warning: CVE-2000-0649

 

Symptoms

  • PCI compliance scan shows a warning:

    1. Web Server external IP Address/Internal Network Name Disclosure Vulnerability
    8443 / tcp
    CVE-2000-0649
    The remote check for the webserver internal IP address sends an HTTP GET request to the target web server. The QID is flagged if a "Content-location:" header or a 3xx redirect address in an HTTP response contains an RFC1918 IP address.

    2. Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability
    8880 / tcp
    CVE-2000-0649
    The remote check for the webserver internal IP address sends an HTTP GET request to the target web server. The QID is flagged if a "Content-location:" header or a 3xx redirect address in an HTTP response contains an RFC1918 IP address.

Cause

Plesk bug #PPP-47782, which will be resolved in future product updates.
An attacker can send a specially crafted HTTP/1.0 request to the server, and the response will contain the internal IP address of the host. This works even when the server is behind a firewall or NAT, so the true internal IP address is disclosed to the remote user.

Resolution

  1. Connect to the server via SSH.

  2. Set the proper and resolvable server hostname as described in the "Via CLI (Linux only)" section in this article.

  3. Create the file /etc/sw-cp-server/conf.d/server-name-plesk.inc:

    # touch /etc/sw-cp-server/conf.d/server-name-plesk.inc

  4. Edit the file /etc/sw-cp-server/conf.d/server-name-plesk.inc and add the following content to it:

    server_name example.com;
    server_name_in_redirect on;

    Where 'example.com' is the server hostname.

  5. (Optional) Disable support of the outdated HTTP 1.0 protocol:

    • Create the file /etc/sw-cp-server/conf.d/disable-http-1.0-plesk.inc:

      # touch /etc/sw-cp-server/conf.d/disable-http-1.0-plesk.inc

    • Edit the file /etc/sw-cp-server/conf.d/disable-http-1.0-plesk.inc and add the following content to it:

      if ($server_protocol = HTTP/1.0) {
          return 444;
      }

  6. Restart the sw-cp-server service:

    # service sw-cp-server restart
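
To confirm the result of the steps above, the following added example (not Plesk code) applies the same rule the scan description states to a saved set of response headers and lints the drop-in from step 4. The function names and sample responses are constructed for illustration, and rejecting an IP literal in server_name is an assumption of this example.

```shell
#!/bin/sh
# Added example, not Plesk code. All sample data below is constructed.

# RFC1918 ranges: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12
RFC1918='(10(\.[0-9]{1,3}){3}|192\.168(\.[0-9]{1,3}){2}|172\.(1[6-9]|2[0-9]|3[01])(\.[0-9]{1,3}){2})'

# Read raw HTTP response headers on stdin and print every RFC1918 address
# found in a Location or Content-Location header (the two places the scan
# description names). Exit status: 0 = leak found, 1 = clean.
find_private_ip_leak() {
  tr -d '\r' |
    grep -iE '^(content-)?location:' |
    grep -owE "$RFC1918"
}

# Read the step-4 drop-in on stdin. Passes only if server_name is a hostname
# (assumption: an IP literal there would defeat the fix) and
# server_name_in_redirect is on.
lint_server_name_conf() {
  awk '
    { sub(/#.*/, "") }
    $1 == "server_name"             { name = $2;  sub(/;$/, "", name) }
    $1 == "server_name_in_redirect" { redir = $2; sub(/;$/, "", redir) }
    END {
      if (name == "" || name ~ /^[0-9.]+$/) { print "server_name: missing or an IP literal"; bad = 1 }
      if (redir != "on") { print "server_name_in_redirect: not on"; bad = 1 }
      exit bad + 0
    }'
}

# Constructed response as a scanner would see it before the fix.
LEAKY_RESPONSE='HTTP/1.1 301 Moved Permanently
Location: https://10.0.0.5:8443/login
Content-Length: 0'

# Constructed response after the fix; the private address in the extra
# header is outside Location/Content-Location and is not flagged.
FIXED_RESPONSE='HTTP/1.1 301 Moved Permanently
Location: https://example.com:8443/login
X-Constructed: 192.168.1.1 outside a redirect header'

printf '%s\n' "$LEAKY_RESPONSE" | find_private_ip_leak && echo "leak: RFC1918 address in redirect"
printf '%s\n' "$FIXED_RESPONSE" | find_private_ip_leak || echo "clean: no RFC1918 address in Location/Content-Location"
```

Feed find_private_ip_leak the response headers returned on ports 8443 and 8880 after the restart, and run lint_server_name_conf against /etc/sw-cp-server/conf.d/server-name-plesk.inc.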
