Security Test: Private IP
Description
Default Severity:
Internal network addresses, which should remain hidden, are showing up in responses that might be seen publicly. When private IPs or hostnames of internal systems such as EC2 instances appear outside their intended environment, attackers can use this information to learn about your network's structure and launch targeted attacks. Developers can inadvertently expose these details through misconfigurations or overly verbose error messages, and the risk increases if the problem isn't fixed promptly.
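One way to check your own responses for this class of leak, as an added example (not this scanner's implementation): it flags RFC 1918 addresses and EC2 private DNS names in header values and the body. The function names and the sample response are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 ranges; loopback and link-local are left out to keep the check narrow.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quad that is not part of a longer dotted number such as a version string.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

# EC2 private DNS names: ip-10-0-1-23.ec2.internal or ip-10-0-1-23.<region>.compute.internal
EC2_HOST_RE = re.compile(
    r"\bip-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})"
    r"\.(?:ec2\.internal|[a-z0-9-]+\.compute\.internal)\b")


def is_private(candidate):
    """True only for a syntactically valid IPv4 address inside an RFC 1918 range."""
    try:
        addr = ipaddress.IPv4Address(candidate)
    except ValueError:  # e.g. 999.1.1.1
        return False
    return any(addr in net for net in PRIVATE_NETS)


def find_in_text(text):
    """Return (kind, value) pairs for private IPs and EC2 internal hostnames."""
    hits = [("ipv4", m.group(0)) for m in IPV4_RE.finditer(text)
            if is_private(m.group(0))]
    hits += [("ec2_hostname", m.group(0)) for m in EC2_HOST_RE.finditer(text)
             if is_private(".".join(m.groups()))]
    return hits


def scan_response(headers, body):
    """Check every header value and the body; report where each leak appears."""
    findings = []
    for name, value in headers.items():
        findings += [(f"header:{name}", k, v) for k, v in find_in_text(value)]
    findings += [("body", k, v) for k, v in find_in_text(body)]
    return findings


# Constructed sample response (not captured from a real system).
SAMPLE_HEADERS = {"Location": "http://10.0.3.17:8080/login", "Server": "nginx/1.18.0"}
SAMPLE_BODY = ('{"error": "upstream ip-172-31-5-9.ec2.internal timed out", '
               '"build": "2.10.0.0.1", "client": "8.8.8.8"}')

if __name__ == "__main__":
    for finding in scan_response(SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
```

The version string and the public address in the sample are ignored; only the redirect target and the upstream hostname in the error message are reported.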
Configuration
Identifier:
information_disclosure/private_ip
Examples
All configuration available:
Compliance and Standards

| Standard | Value |
|---|---|
| OWASP API Top 10 | API1:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 1.3.7 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.18.1 |
| NIST | SP800-53 |
| FedRAMP | AC-4 |
| CWE | 200 |
| CVSS Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| CVSS Score | 5.3 |