Private IP Disclosure

ID

private_ip_disclosure

Severity

low

Kind

Information Disclosure

CWE

497

Description

A private IP address (such as 10.x.x.x, 172.x.x.x, 192.168.x.x) or an Amazon EC2 private hostname (for example, ip-10-0-56-78) has been found in the HTTP response body. This information might help further attacks targeting internal systems.

Rationale

Disclosing private IP addresses reveals the internal network topology and configuration details to potential attackers. This information enables reconnaissance for subsequent attacks targeting internal systems, helping adversaries map network architecture and identify potential pivot points. Attackers can use this intelligence to craft more targeted attacks against internal services, plan lateral movement strategies, or identify cloud infrastructure patterns that may expose additional vulnerabilities.

Remediation

Remove the private IP address from the HTTP response body. For comments, use JSP/ASP/PHP comments instead of HTML/JavaScript comments, which are visible to client browsers.
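
One way to check response bodies for the patterns named in the Description, for example in a pre-release test after remediation. This is an added example, not part of the original page or of any scanner's own code. It assumes the RFC 1918 ranges (so only 172.16.0.0/12 of 172.x.x.x counts); the function name and the sample body are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges (assumption: "172.x.x.x" means 172.16.0.0/12).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quad that is not a slice of a longer dotted number such as a
# five-part version string; a trailing sentence period is still allowed.
IPV4_RE = re.compile(r"(?<!\d)(?<!\d\.)(\d{1,3}(?:\.\d{1,3}){3})(?!\d|\.\d)")
# EC2-style private hostname label, e.g. ip-10-0-56-78
EC2_RE = re.compile(r"\bip-(\d{1,3}(?:-\d{1,3}){3})(?!-?\d)", re.IGNORECASE)


def _is_rfc1918(dotted):
    try:
        addr = ipaddress.ip_address(dotted)
    except ValueError:  # not a valid address, e.g. 10.300.1.1
        return False
    return any(addr in net for net in PRIVATE_NETS)


def find_private_ip_disclosures(body):
    """Return sorted, de-duplicated (kind, value) findings for one body."""
    findings = set()
    for m in IPV4_RE.finditer(body):
        if _is_rfc1918(m.group(1)):
            findings.add(("private_ip", m.group(1)))
    for m in EC2_RE.finditer(body):
        # Rebuild the address encoded in the hostname and range-check it.
        if _is_rfc1918(m.group(1).replace("-", ".")):
            findings.add(("ec2_hostname", m.group(0)))
    return sorted(findings)


# Constructed sample response body (not taken from any real system).
SAMPLE_BODY = """<html>
<!-- served by ip-10-0-56-78.ec2.internal, upstream 192.168.1.20 -->
<p>Build 1.10.0.3.17, contact 8.8.8.8, edge 172.32.0.1, db 172.16.5.4.</p>
</html>"""

if __name__ == "__main__":
    for kind, value in find_private_ip_disclosures(SAMPLE_BODY):
        print(f"{kind}: {value}")
```

The public addresses (8.8.8.8, 172.32.0.1) and the version string are not reported, which keeps false positives down when the check runs against every response in a test suite.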