
PCI Scan Failure Microsoft Exchange Client Access Server Information ...
(posted by Steven A on 2014-10-28 12:40:44)

Description: Microsoft Exchange Client Access Server Information Disclosure

Synopsis: The remote mail server is affected by an information disclosure vulnerability.

Impact: The Microsoft Exchange Client Access Server (CAS) is affected by an information disclosure vulnerability. A remote, unauthenticated attacker can exploit this vulnerability to learn the server's internal IP address.

See also:

http://foofus.net/?p=758

Data Received: SecurityMetrics was able to verify the issue with the following request:

GET /autodiscover/autodiscover.xml HTTP/1.0
Accept-Charset: iso-8859-1,utf-8;q=0.9,*;q=0.1
Accept-Language: en
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Pragma: no-cache
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*

Which returned the following IP address:

BID: 69018

Resolution: There is no known fix at this time.

Risk Factor: Medium / CVSS2 Base Score: 5.0


Solution:

    To resolve the issue in this example, do the following:



    1. Open the IIS 7 console, expand Sites, Default Web Sites and click on Autodiscover.

    2. Double-click Authentication.

    3. Right-click Basic Authentication and select Edit...

    4. In the Realm field, type the server's public hostname in the format hostname.domain.tld and then click OK.

    5. If applicable (e.g. on Windows SBS 2008), repeat the above process for the Microsoft-Server-ActiveSync and EWS websites in addition to Autodiscover.

    6. Stop IIS and restart it.


    Performing the same test in this example should now yield the following response:

    HTTP/1.1 401 Unauthorized
    Content-Type: text/html
    Server: Microsoft-IIS/7.0
    WWW-Authenticate: Negotiate
    WWW-Authenticate: NTLM
    WWW-Authenticate: Basic realm="hostname.domain.tld"
    X-Powered-By: ASP.NET
    Date: Fri, 05 Sep 2014 16:30:41 GMT
    Connection: close
    Content-Length: 58

    You can test for the issue from Linux with openssl: open a TLS connection to the server with the command below, send the request shown above, and check the realm in the WWW-Authenticate: Basic header of the response:
    $ openssl s_client -host hostname.domain.tld -port 443
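    The following is an added example, not part of this FAQ or of SecurityMetrics' scanner: a Python script that sends the same autodiscover request over TLS and reports whether the Basic realm in the response is an internal (private, loopback or link-local) IP address rather than a public hostname. The sample responses embedded in it are constructed, the Host header is an addition to the request above, and hostname.domain.tld is a placeholder.

```python
import ipaddress
import re
import socket
import ssl
import sys

# Constructed sample responses (not the scan output from the page).
LEAKING_RESPONSE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: Microsoft-IIS/7.0\r\n"
    "WWW-Authenticate: Negotiate\r\n"
    "WWW-Authenticate: NTLM\r\n"
    'WWW-Authenticate: Basic realm="10.0.0.25"\r\n'
    "Content-Length: 0\r\n\r\n"
)
FIXED_RESPONSE = LEAKING_RESPONSE.replace("10.0.0.25", "hostname.domain.tld")

# Realm value of every "WWW-Authenticate: Basic" header, one header per line.
REALM_RE = re.compile(r'^WWW-Authenticate:\s*Basic\s+realm="([^"]*)"', re.I | re.M)

def basic_realms(raw_response):
    """Return the Basic-auth realm strings found in a raw HTTP response."""
    return REALM_RE.findall(raw_response)

def is_internal_ip(value):
    """True if the realm is a private, loopback or link-local IP address."""
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:  # not an IP at all, e.g. hostname.domain.tld
        return False
    return ip.is_private or ip.is_loopback or ip.is_link_local

def leaked_internal_ips(raw_response):
    """Realms that disclose an internal address; an empty list means the fix is in place."""
    return [r for r in basic_realms(raw_response) if is_internal_ip(r)]

def fetch_autodiscover_headers(host, port=443):
    """Send the scanner's probe over TLS (Host header added) and return the response headers."""
    request = ("GET /autodiscover/autodiscover.xml HTTP/1.0\r\n"
               f"Host: {host}\r\nConnection: close\r\n\r\n")
    with socket.create_connection((host, port), timeout=10) as sock:
        with ssl.create_default_context().wrap_socket(sock, server_hostname=host) as tls:
            tls.sendall(request.encode("ascii"))
            data = b""
            while chunk := tls.recv(4096):
                data += chunk
    return data.decode("iso-8859-1").split("\r\n\r\n", 1)[0]

if __name__ == "__main__":  # usage: python check_realm.py hostname.domain.tld
    print(leaked_internal_ips(fetch_autodiscover_headers(sys.argv[1])) or "no internal IP in realm")
```

    The live check uses the system's CA store, so a CAS with a self-signed certificate will fail the TLS handshake until the certificate is trusted.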


© 2024 TkFast, Inc.