January 9, 2009 04:53am pst

1. TheCaped... 2,000
1. TurboBorl... 2,000
3. Jonvee 1,600
3. dstewartjr 1,600
5. jahboite 1,500
6. pand0ra... 1,400
7. from_exp 1,000
8. decoleur 668
8. bilco105 668
10. arnold 664
11. nsx106... 600
12. hfraser 568
12. johnb6767 568
14. cobra09 400
15. Kelvin_King 296
16. DaveHowe 284
16. chris_ch... 284
18. mark_wills 200

1. rpggamer... 207,433
2. r-k 106,289
3. Sheharya... 97,031
4. jahboite 83,578
5. IndiGenus 74,570
6. war1 46,771
7. blue_zee 39,997
8. sunray_... 39,840
9. Tolomir 38,348
10. ghana 29,660
11. rossfingal 27,308
12. ahoffmann 25,439
13. johnb6767 22,602
14. richrumble 20,324
15. PowerIT 19,977
16. rindi 17,919
17. LucF 17,713
18. akboss 16,861
19. jvuz 14,926
20. phototropic 14,139
21. KCTS 13,760
22. McKnife 13,695
23. David-Ho... 13,673
24. _jesper_ 13,090
25. briancassin 13,000

07.28.2008 at 02:34PM PDT, ID: 23602276

	[x] Attachment Details

Security scan returns "IP address revealed in content-location header" using DotNetNuke (DNN)

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

7.8

Zones:

Networking Security Vulnerabilities, Microsoft IIS Web Server, Windows Network Security

Tags:

DotNetNuke, DotNetNuke, 4

We are using DotNetNuke (DNN) and a security scan shows the vulnerability "IP address is revealed in the content-location field in the TCP header" and the fix is to use Microsoft KB 834141. The problem is that the Microsoft fix has you configure IIS to use the FQDN or a set host name instead of the internal IP address. Unfortunately, after you perform this fix and set a host name for the return it apparently takes effect before DNN can read the portal alias from the original URL request and therefore breaks DNN (large number of portals, so host headers aren't an option).

Does anyone have an alternative method for handling a GET request with a blank host header that doesn't break the DNN portal parsing methodology or a way to patch this security vulnerability for DNN?

Start your 7 day free trial to see this answer

Answered By:	auctionpay
Expert Since:	12/28/2006
Accepted Solutions:	1

auctionpay has been an Expert for 2 years, during which he has posted 10 comments and answered 1 question. auctionpay is just one of 982 experts in the Networking Security Vulnerabilities Zone. 1 expert collaborated on this answer, which was graded an "A" by the asker.

#	Title
1	Reveal XP's WIFI profile information?
2	css and javascript to reveal/make roo…
3	Any Free cold Fusion Portal Systems?…
4	Revealing path to .pst files
5	REVEAL DRIVERS
6	how to reveal a part of image which is …