more iis internal ip info

modules/auxiliary/scanner/http/iis_internal_ip.rb

@@ -7,24 +7,26 @@ class MetasploitModule < Msf::Auxiliary
   include Msf::Exploit::Remote::HttpClient
   include Msf::Auxiliary::Scanner
 
-  def initialize(info = {})
-    super(
-      update_info(
-        info,
-        'Name' => 'Microsoft IIS HTTP Internal IP Disclosure',
-        'Description' => %q{
-          Collect any leaked internal IPs by requesting commonly redirected locations from IIS.
-        },
-        'Author' => ['Heather Pilkington'],
-        'License' => MSF_LICENSE,
-        'References' =>
-          [
-            ['CVE', '2000-0649'],
-            ['BID', '1499'],
-            ['EDB', '20096']
-          ]
-      )
-    )
+  def initialize(info={})
+    super(update_info(info,
+      'Name'        => 'Microsoft IIS HTTP Internal IP Disclosure',
+      'Description' => %q{
+        Collect any leaked internal IPs by requesting commonly redirected locations from IIS.
+        CVE-2000-0649 references IIS 5.1 (win2k, XP) and older.  However, in newer servers
+        such as IIS 7+, this occurs when the alternateHostName is not set or misconfigured.
+      },
+      'Author'       => ['Heather Pilkington'],
+      'License'     => MSF_LICENSE,
+      'References'     =>
+        [
+          ['CVE', '2000-0649'],
+          ['BID', '1499'],
+          ['EDB', '20096'],
+          ['URL', 'https://support.microsoft.com/en-us/help/218180/internet-information-server-returns-ip-address-in-http-header-content'], #iis 4,5,5.1
+          ['URL', 'https://support.microsoft.com/en-us/help/967342/fix-the-internal-ip-address-of-an-iis-7-0-server-is-revealed-if-an-htt'], #iis 7+
+          ['URL', 'https://techcommunity.microsoft.com/t5/iis-support-blog/iis-web-servers-running-in-windows-azure-may-reveal-their/ba-p/826500']
+        ]
+    ))
   end
 
   def run_host(target_host)