Symptoms
A PCI compliance scan shows the following warnings:
1. Web Server external IP Address/Internal Network Name Disclosure Vulnerability
8443 / tcp
CVE-2000-0649
The remote check for the webserver internal IP address sends an HTTP GET request to the target web server. The QID is flagged if a "Content-location:" header or a 3xx redirect address in an HTTP response contains an RFC1918 IP address.
2. Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability
8880 / tcp
CVE-2000-0649
The remote check for the webserver internal IP address sends an HTTP GET request to the target web server. The QID is flagged if a "Content-location:" header or a 3xx redirect address in an HTTP response contains an RFC1918 IP address.
Cause
Plesk bug #PPP-47782, which will be resolved in future product updates.
An attacker can send a specific HTTP/1.0 request to the server, and the response will contain the internal IP address of the host even if the server is behind a firewall or NAT. This discloses the true internal IP address to the remote user.
Resolution
1. Connect to the server via SSH.
2. Set the proper and resolvable server hostname as described in the "Via CLI (Linux only)" section in this article.
3. Create the file /etc/sw-cp-server/conf.d/server-name-plesk.inc:
   # touch /etc/sw-cp-server/conf.d/server-name-plesk.inc
4. Edit the file /etc/sw-cp-server/conf.d/server-name-plesk.inc and add the following content to it:
   server_name example.com;
   server_name_in_redirect on;
   Where 'example.com' is the server hostname.
5. (Optional) Disable support of the outdated HTTP 1.0 protocol:
   a. Create the file /etc/sw-cp-server/conf.d/disable-http-1.0-plesk.inc:
      # touch /etc/sw-cp-server/conf.d/disable-http-1.0-plesk.inc
   b. Edit the file /etc/sw-cp-server/conf.d/disable-http-1.0-plesk.inc and add the following content to it:
      if ($server_protocol = HTTP/1.0) {
          return 444;
      }
6. Restart the sw-cp-server service:
   # service sw-cp-server restart
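To confirm the change before the next scan, the rule quoted under Symptoms (an RFC1918 address in a "Content-location:" header or in a 3xx redirect address) can be applied to a saved server reply. The following is an added example, not part of the original article or of Plesk; the function name and the sample replies are assumptions constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges, the ones the scanner check on this page looks for.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")


def find_internal_ip_disclosure(raw_response):
    """Return [(header_name, ip)] for RFC 1918 addresses leaked in a raw HTTP reply."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    # An empty reply (nginx "return 444" just closes the connection) leaks nothing.
    match = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", lines[0])
    if not match:
        return []
    is_redirect = match.group(1).startswith("3")
    findings = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        name = name.strip().lower()
        # Content-Location counts on any status; Location only on a 3xx redirect.
        if name == "content-location" or (name == "location" and is_redirect):
            for candidate in IPV4_RE.findall(value):
                try:
                    addr = ipaddress.ip_address(candidate)
                except ValueError:
                    continue  # e.g. 999.1.1.1 is not a valid address
                if any(addr in net for net in RFC1918):
                    findings.append((name, str(addr)))
    return findings


# Constructed sample replies (not captured from a real server).
BEFORE_FIX = "HTTP/1.1 302 Found\r\nLocation: https://192.168.10.5:8443/login\r\n\r\n"
AFTER_FIX = "HTTP/1.1 302 Found\r\nLocation: https://example.com:8443/login\r\n\r\n"
NOT_REDIRECT = "HTTP/1.1 200 OK\r\nContent-Location: http://10.0.0.7/index.html\r\n\r\n"

if __name__ == "__main__":
    for label, reply in [("before", BEFORE_FIX), ("after", AFTER_FIX),
                         ("content-location", NOT_REDIRECT), ("444/empty", "")]:
        print(label, find_internal_ip_disclosure(reply))
```

An empty list for the replies on both 8443 and 8880 means the hostname from server_name is being used in redirects instead of the internal address.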