search

Microsoft Exchange Client Access Server Information Disclosure

hashtag
EOL Check

LogoMicrosoft Exchangeendoflife.datechevron-right

Connect to the open HTTPS port of your exchange server using OpenSSL and the command below.

Open SSL making conection to exchange server

Once the connection is made, you will be prompted to input a command.

Input GET request

Paste or input the follows (this will make a GET request to autodiscover.xml using the command below.)

You need to hit Enter twice after you typed the GET request; before the server will respond.

Internal IP

This spits out its local IP address under the header WWW-Authenticate: Basic realm=.

hashtag
Remediation

The rule will match any WWW-Authenticate Header which includes an IP address in the WWW-Authenticate field and replace this with the domain name.

hashtag
Header Modification

This can then be added to the Virtual Service: Virtual Services > View/Modify Services > Advanced Properties > HTTP Header Modifications > Response Rules.

The internal address is now hidden in all responses and replaced with www.domain.com:

hashtag
URL Rewrite

IIS server to deny requests made without the Host header set. They achieve this by using the URL rewrite module for IIS.

LogoURL Rewrite : The Official Microsoft IIS Sitewww.iis.netchevron-right

URL Rewrite Download the URL Rewrite module onto your exchange server and install it.

PreviousConvert CIDRs to an IP address listNextWeb Server HTTP Header Internal IP Disclosure

Last updated