Web Server HTTP Header Internal IP Disclosure (CVE-2000-0649)

Open felixlabrot opened this issue 9 months ago • 0 comments

The Apache webserver in the Docker image matomo:latest sends a useless Location header, which discloses the internal IP of the container to the outside world.

Looks like this when accessed:

Date: Tue, 13 May 2025 14:53:02 GMT
Server: Apache/2.4.62 (Debian)
X-Powered-By: PHP/8.3.21
X-Matomo-Request-Id: 7ab22
X-Robots-Tag: noindex
Location: https://172.22.0.3/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

This should be fixed, so the internet cannot see the IP of the container.

felixlabrot, May 14 '25 06:05
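A defender-side check for the disclosure reported above, as an added example that is not part of the original issue or of the Matomo image: it parses a raw response header block (the sample is the one quoted in the issue) and flags private, loopback, or link-local addresses in any header value. The function names and the choice of `Location` and `Content-Location` as URL-bearing headers are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Response headers as quoted in the issue above.
SAMPLE_HEADERS = """\
Date: Tue, 13 May 2025 14:53:02 GMT
Server: Apache/2.4.62 (Debian)
X-Powered-By: PHP/8.3.21
X-Matomo-Request-Id: 7ab22
X-Robots-Tag: noindex
Location: https://172.22.0.3/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
"""
# Dotted quads only; version strings such as "2.4.62" have three parts and do not match.
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
URL_HEADERS = {"location", "content-location"}


def _internal(candidate):
    """Return the normalized address if it is a non-public IP, else None."""
    try:
        ip = ipaddress.ip_address(candidate.strip("[]"))
    except ValueError:
        return None  # hostname or malformed quad such as 999.1.1.1
    return str(ip) if (ip.is_private or ip.is_loopback or ip.is_link_local) else None


def find_internal_ips(raw_headers):
    """Return (header_name, ip) pairs for each internal address in the headers."""
    findings = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue  # status line or blank line
        name, value = name.strip(), value.strip()
        candidates = set(IPV4_RE.findall(value))
        if name.lower() in URL_HEADERS:
            host = urlsplit(value).hostname  # also covers bracketed IPv6 literals
            if host:
                candidates.add(host)
        for cand in sorted(candidates):
            ip = _internal(cand)
            if ip:
                findings.append((name, ip))
    return findings
```

Run against responses captured from outside the container network, `find_internal_ips` returning a non-empty list means the proxy or web server configuration is still leaking an internal address.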