This article is a part of our Web Security Knowledge Base

Why Private IP Disclosure can be dangerous

A disclosure of a Private IP or Amazon EC2 private hostname may enable the attacker to understand your internal network structure.

The attacker may use the disclosed IP to explore your internal network more easily once access to the first host is gained. It may also be possible to learn about the hosting providers managing different hosts of your application, including back-end servers.

How to fix Private IP Disclosure

You should remove any private IP or hostname occurrences from the response body.

How ScanRepeat reports Private IP Disclosure

ScanRepeat looks for any occurrences of private IP addresses or private hostnames included in the response body and reports the exact URL and the IP/hostname found, so these can be manually reviewed and removed.
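
A check of this kind can be reproduced locally for review. The Python below is an added example, not ScanRepeat's code: it assumes "private IP" means the RFC 1918 IPv4 ranges and "private hostname" means EC2 internal names of the `ip-a-b-c-d` form, and the URL and response body are constructed samples.

```python
import ipaddress
import re

# Assumption: "private IP" = RFC 1918 IPv4 ranges.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quads not embedded in a longer dotted number run (e.g. "1.10.0.0.5").
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")

# Assumption: "private hostname" = EC2 internal names such as
# ip-10-0-1-25.ec2.internal or ip-10-0-1-25.us-west-2.compute.internal.
EC2_HOST_RE = re.compile(
    r"\bip-(?:\d{1,3}-){3}\d{1,3}\.(?:ec2|[a-z0-9-]+\.compute)\.internal\b",
    re.IGNORECASE)


def find_private_disclosures(url, body):
    """Return sorted (url, kind, value) findings for one response body."""
    findings = set()
    for match in IPV4_RE.finditer(body):
        try:
            addr = ipaddress.ip_address(match.group())
        except ValueError:  # not a valid address, e.g. 999.1.1.1
            continue
        if any(addr in net for net in PRIVATE_NETS):
            findings.add((url, "private-ip", match.group()))
    for match in EC2_HOST_RE.finditer(body):
        findings.add((url, "ec2-private-hostname", match.group().lower()))
    return sorted(findings)


# Constructed sample response, not taken from a real application.
SAMPLE_URL = "https://app.example.test/status"
SAMPLE_BODY = """<html><!-- upstream: 10.0.12.7:8080 -->
<p>Served by ip-172-31-5-44.eu-west-1.compute.internal</p>
<p>Mirror 93.184.216.34, build 1.10.0.0.5, balancer 192.168.1.20.</p>
<p>172.32.0.1 is public address space; 172.16.254.3 is not.</p></html>"""

if __name__ == "__main__":
    for finding in find_private_disclosures(SAMPLE_URL, SAMPLE_BODY):
        print(*finding, sep="\t")
```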
