Exchange 2019 potentially vulnerable, check latest security update is applied (Exchange 2019 CU7 or CU8 installed)
All servers have the latest CU and the security patch installed. What does this message mean?
|_http-server-header: Microsoft-IIS/10.0
|_http-vuln-exchange: (15.2.792) Exchange 2019 potentially vulnerable, check latest security update is applied (Exchange 2019 CU7 or CU8 installed)
For all other scans I get "Error 403 for /owa" or similar.
"Potentially vulnerable" means that this script cannot determine anything (because it's just looking at the version, which is not saying anything). Also see #4
I strongly suggest people use Microsoft's nmap script instead, which does proper detection:
https://github.com/microsoft/CSS-Exchange/blob/main/Security/src/http-vuln-cve2021-26855.nse
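As an added illustration (not part of the thread and not code from either nmap script): a Python triage of normal-format nmap output that records the version-only "potentially vulnerable" line as inconclusive rather than as a finding, so those hosts are queued for patch-level verification. The sample scan, host names and status labels are constructed for this example.

```python
import re

# Constructed sample of normal-format nmap output for two hosts (not from the thread).
SAMPLE = """\
Nmap scan report for mbx-a.example.test (192.0.2.10)
PORT    STATE SERVICE
443/tcp open  https
|_http-server-header: Microsoft-IIS/10.0
|_http-vuln-exchange: (15.2.792) Exchange 2019 potentially vulnerable, check latest security update is applied (Exchange 2019 CU7 or CU8 installed)
Nmap scan report for mbx-b.example.test (192.0.2.11)
PORT    STATE SERVICE
443/tcp open  https
"""

HOST_RE = re.compile(r"^Nmap scan report for (\S+)")
# Script result lines start with "|_" or "| " followed by the script name.
SCRIPT_RE = re.compile(r"^\|[_ ]?\s*(http-vuln-[\w-]+):\s*(.*)$")
BUILD_RE = re.compile(r"\((\d+(?:\.\d+)+)\)")


def triage(nmap_text):
    """Map each scanned host to a status label (labels are hypothetical)."""
    results = {}
    host = None
    for line in nmap_text.splitlines():
        m = HOST_RE.match(line)
        if m:
            host = m.group(1)
            results[host] = {"status": "no_script_output", "build": None}
            continue
        m = SCRIPT_RE.match(line.strip())
        if host and m:
            text = m.group(2)
            build = BUILD_RE.search(text)
            results[host]["build"] = build.group(1) if build else None
            if "potentially vulnerable" in text.lower():
                # Version banner only: says nothing about the installed security update.
                results[host]["status"] = "inconclusive_version_only"
            else:
                # Any other script text has to be read by a person.
                results[host]["status"] = "script_finding"
    return results


def needs_patch_verification(results):
    """Hosts whose only evidence is the version banner."""
    return sorted(h for h, r in results.items()
                  if r["status"] == "inconclusive_version_only")
```
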
That’s what I used.
From: Lukas Tribus @.> Sent: Sunday, March 14, 2021 11:28 AM To: GossiTheDog/scanning @.> Cc: Raaymakers. James @.>; Author @.> Subject: Re: [GossiTheDog/scanning] Exchange 2019 potentially vulnerable, check latest security update is applied (Exchange 2019 CU7 or CU8 installed) (#6)
Correction. I just now ran the Microsoft version. Here was my output:
PS C:\users\james\documents\nmapscripts> nmap -p 443 --script .\http-vuln-exchange.nse MBX01.domain.net
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-14 11:49 Pacific Daylight Time
Nmap scan report for MBX01.domain.net (192.168.1.10)
Host is up (0.0010s latency).
PORT STATE SERVICE
443/tcp open https
MAC Address: 00:0C:29:00:99:AF (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.85 seconds
PS C:\users\james\documents\nmapscripts>
I assume this means it is NOT vulnerable?
PS C:\users\james\documents\nmapscripts> nmap -p 443 --script .\http-vuln-exchange.nse MBX01.domain.net
Starting Nmap 7.91 ( https://nmap.org ) at 2021-03-14 11:49 Pacific Daylight Time
Nmap scan report for MBX01.domain.net (192.168.1.10)
Host is up (0.0010s latency).
PORT STATE SERVICE
443/tcp open https
MAC Address: 00:0C:29:00:99:AF (VMware)
Nmap done: 1 IP address (1 host up) scanned in 0.85 seconds
PS C:\users\james\documents\nmapscripts>
I assume this means it is NOT vulnerable?
Correct.
Thank you very much. I appreciate your time.
From: Lukas Tribus @.> Sent: Sunday, March 14, 2021 11:56 AM To: GossiTheDog/scanning @.> Cc: Raaymakers. James @.>; Author @.> Subject: Re: [GossiTheDog/scanning] Exchange 2019 potentially vulnerable, check latest security update is applied (Exchange 2019 CU7 or CU8 installed) (#6)