PCI Scan - /webmail fails

  • cPanelLauren
    This is odd in that I can't replicate their output. I believe that updating "Enable Content-Security-Policy on some interfaces" from "Off" to "On" in WHM >> Server Configuration >> Tweak Settings should resolve the XSS issue though.
  • vpswing
    Thanks Lauren. I will try that (turn "On") for the "Enable Content Security Policy" and re-run the scan. Does it matter that we're still using cPanel 88.0.17?
  • vpswing
    Hi Lauren, Unfortunately, no joy - I disabled that and re-ran the scan. It still shows fail. I tried manually entering the URL into my browser, and it redirects me to the server's port 2096. There is no JavaScript pop-up or anything of that sort - so I'm not sure what they are trying to get at. Any other suggestions?
  • cPanelLauren
    When I run this, it doesn't redirect me; it fails with an error page. On yours, it does take me to 2096 after hitting the proxy page to automatically redirect to the webmail.domain.tld. I'm not sure what you have configured differently, and it'd be really difficult for me to compare, though I don't think that being on v88 of cPanel & WHM is the issue here. Can you please open a ticket using the link in my signature? Once open, please reply with the Ticket ID here so that we can update this thread with the resolution once the ticket is resolved. Thanks!
  • vpswing
    Hi Lauren, Ok, done. Ticket ID: 93808878. I've also included the httpd.conf file for reference. It has the RewriteRule & RewriteCond for webmail (as well as many others). Maybe that is the reason? Any possibility of removing these rewrites without impacting the server? I tried to manually comment some of them out, but it ended with the server showing a 500 internal error.
    Thanks!
  • vpswing
    Hi Lauren, This issue has returned in our quarterly PCI scan :-( I can't seem to log in using this forum's credentials to the support desk - would you be able to help reset the password for me? I'm trying to view the old ticket 93808878 to see what was the solution. Thanks!
  • cPRex Jurassic Moderator
    I'm not able to help with access to the support desk here, but if you send a message to cs@cpanel.net our Customer Service team will be able to provide some more assistance with that. You can also try the "forgot password" link in our support system to get that reset.
