was your check run from the intranet? if this is the error page for webmin, it will actually give out the WAN IP if you make an attempt to connect via http instead of https. this is cureable. find the file (i believe it is a pl/pm file) and remove the var.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi all... I've installed webmin on my mail server (debian) and i did a vulnerability scan with Nessus and get following results:
ndmp (10000/tcp)
Synopsis :
This web server leaks a private IP address through its HTTP headers.
Description :
This may expose internal IP addresses that are usually hidden or masked
behind a Network Address Translation (NAT) Firewall or proxy server
Can someone please help fix this issue, it's very important for my company to implement security at highest level?
Thanx in advance,waiting for your reply
Orce Dimitrovski
System & Network Engineer
was your check run from the intranet? if this is the error page for webmin, it will actually give out the WAN IP if you make an attempt to connect via http instead of https. this is cureable. find the file (i believe it is a pl/pm file) and remove the var.