Rollup 18 for Microsoft Exchange Server 2010 SP3 and previous versions has an SSRF vulnerability via the username parameter in /owa/auth/logon.aspx in the OWA (Outlook Web Access) login page.
https://seclists.org/bugtraq/2018/Sep/38
http://www.securityfocus.com/bid/105386