Description
OFBiz allows an unauthenticated attacker to send arbitrary requests to perform lookups on the internal network which is otherwise not accessible externally. An attacker may use this feature to perform SSRF (server-side request forgery) attacks on the server.
Remediation
Upgrade to the latest version of OFBiz
References
Related Vulnerabilities
MongoDb Uncontrolled Resource Consumption Vulnerability (CVE-2016-3104)
Oracle Database Server Other Vulnerability (CVE-2002-0857)
Oracle Database Server CVE-2013-3751 Vulnerability (CVE-2013-3751)
Perl Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-1999-1386)
OpenSSL Resource Management Errors Vulnerability (CVE-2006-2940)