/claim #14576

PR Information

• Added CVE-2018-8581
• References:
  • https://nvd.nist.gov/vuln/detail/CVE-2018-8581
  • https://github.com/Ridter/Exchange2domain
  • https://vulncheck.com/xdb/276c34c7f74f

Template validation

• Validated with a host running a vulnerable version and/or configuration (True Positive)
• Validated with a host running a patched version and/or configuration (avoid False Positive)

Additional Details (leave it blank if not applicable)

• Template path: http/cves/2018/CVE-2018-8581.yaml
• Validation command:

  nuclei -duc -validate -lfa -ud . -t http/cves/2018/CVE-2018-8581.yaml
  
  

• Detection logic:

  • Precheck confirms Exchange EWS exposure using /EWS/Exchange.asmx and X-Owa-Version
  • Authenticated SOAP Subscribe PushSubscription request triggers outbound request to {{interactsh-url}}
  • Confirms SSRF via OAST (interactsh_protocol + interactsh_request) and success SOAP response markers