Summary

Acunetix 360 detected that the target application is vulnerable to a [Possible] SAML Consumer Service KeyInfo RetrievalMethod SSRF: it captured a DNS request made to {SSRFRESPONDER}, but was unable to confirm the vulnerability.

The web application uses SAML. Its SAML Consumer Service allows a KeyInfo element to reference remote servers or local files (via RetrievalMethod). An unauthenticated attacker may be able to use this to read arbitrary files on the server or to send requests to other servers (SSRF).

Impact

An attacker can send arbitrary HTTP GET requests to internal servers or read local files.

Remediation

Disable dereferencing of KeyInfo RetrievalMethod references in the SAML Consumer Service.
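As an added example that is not Acunetix's code, a pre-validation gate a SAML Consumer Service can apply before handing a message to its XML-signature library: it rejects any message that carries a ds:RetrievalMethod under ds:KeyInfo, so the verifier never receives a URI to dereference. The two sample responses, the hostname ssrf-responder.example and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # stdlib; prefer defusedxml for untrusted input

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
KEY_INFO = f"{{{DS_NS}}}KeyInfo"
RETRIEVAL_METHOD = f"{{{DS_NS}}}RetrievalMethod"


def find_keyinfo_references(saml_xml: str) -> list:
    """Return the URI of every ds:RetrievalMethod found under a ds:KeyInfo.
    Each one is a fetch (HTTP to another host, or a local file) the signature
    verifier would perform; an empty list means only inline key material."""
    root = ET.fromstring(saml_xml)
    return [rm.get("URI", "")
            for key_info in root.iter(KEY_INFO)
            for rm in key_info.iter(RETRIEVAL_METHOD)]


def keyinfo_is_safe(saml_xml: str) -> bool:
    """Gate to run before signature validation: True only when no
    RetrievalMethod is present, so nothing can be dereferenced."""
    return not find_keyinfo_references(saml_xml)


# Constructed sample: KeyInfo pointing at an external key via RetrievalMethod,
# the shape the finding describes. The hostname is a placeholder.
UNSAFE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed-1">
  <ds:Signature>
    <ds:SignedInfo/><ds:SignatureValue>AAAA</ds:SignatureValue>
    <ds:KeyInfo>
      <ds:RetrievalMethod URI="http://ssrf-responder.example/key"
          Type="http://www.w3.org/2000/09/xmldsig#X509Data"/>
    </ds:KeyInfo>
  </ds:Signature>
</samlp:Response>"""

# Constructed sample: the same message with the certificate carried inline.
SAFE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_constructed-2">
  <ds:Signature>
    <ds:SignedInfo/><ds:SignatureValue>AAAA</ds:SignatureValue>
    <ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>PLACEHOLDER-CERT</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo>
  </ds:Signature>
</samlp:Response>"""
```

Use this gate alongside the signature library's own setting that disables RetrievalMethod resolution, not instead of it. Parse the untrusted message with a hardened XML parser (for example defusedxml) rather than the plain stdlib parser in production.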

Severity

Medium

Classification

CWE-918
ISO27001-a.14.2.5
WASC-20
OWASP 2013-A1
OWASP 2017-A1
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N