I am running into an issue, where "Private IP address leaked in HTTP headers" vulnerabilities are being detected. The version of IIS that is being utilized is IIS7, and I used the following link/command to initially troubleshoot this issue.
https://blogs.msdn.microsoft.com/mike/2008/11/18/removing-an-iis-servers-ip-address-from-http-responses/
appcmd.exe set config -section:system.webServer/serverRuntime /alternateHostName:”myServer” /commit:apphost
Originally, the vulnerable URL was https://X.X.X.X/Autodiscover. After applying the above command, and while replacing "myServer" with the address on the CAS server, I re-ran the vulnerability scan. The vulnerability is still present, but the vulnerable URL is now https://X.X.X.X/Autodiscover/Autodiscover.xml.
The only other troubleshooting steps I have found are related to IIS6, but those are obviously not compatible with IIS7, since they seem to involve the metabase. Any suggestions or resolutions is much appreciated.