id: microsoft-exchange-server-detect info: name: Microsoft Exchange Server Detect author: pikpikcu,dhiyaneshDK severity: info reference: https://github.com/GossiTheDog/scanning/blob/main/http-vuln-exchange.nse description: Check for Exchange Server CVEs CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065,using Outlook Web App path data. tags: microsoft,exchange,tech requests: - method: GET path: - "{{BaseURL}}/owa/auth/logon.aspx" matchers-condition: or matchers: - type: regex regex: - "(X-Owa-Version:|/owa/auth/15.2.*|/owa/auth/15.1.*|/owa/auth/15.0.*|/owa/auth/14.0.*)" part: all - type: word words: - 'Exchange Log In' - 'Microsoft Exchange - Outlook Web Access' extractors: - type: kval kval: - X_Owa_Version