Description
The web application or its auxiliary systems use values from HTTP headers in a way that leads to an SSRF vulnerability. SSRF (Server-Side Request Forgery) is a vulnerability that allows an attacker to force the server into sending packets, initiated by the victim server, to the local interface or to another server behind the firewall. Consult Web References for more information about this problem.
Remediation
Properly sanitize user input, and use a special sandboxed host to access remote resources.
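One way to apply the sanitization step to a host taken from a request header, shown as an added example that is not part of the original advisory. The allowlist, the function names and the sample DNS table are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Hypothetical allowlist: the only hosts this application should ever fetch from.
ALLOWED_HOSTS = {"assets.example.com", "api.example.com"}

# Constructed sample DNS answers so the example runs offline.
SAMPLE_DNS = {"assets.example.com": ["93.184.216.34"],
              "api.example.com": ["10.0.0.5"]}

def sample_resolve(host):
    """Stand-in resolver; production code would use socket.getaddrinfo."""
    return SAMPLE_DNS.get(host, [])

def is_internal(ip_text):
    """True for the local interface and address ranges normally behind a firewall."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped:
        ip = ip.ipv4_mapped  # judge ::ffff:a.b.c.d by its embedded IPv4 address
    return (ip.is_loopback or ip.is_private or ip.is_link_local
            or ip.is_unspecified or ip.is_multicast or ip.is_reserved)

def check_header_destination(header_value, resolve):
    """Validate a header-supplied host before the server connects to it.

    resolve: callable mapping a hostname to a list of IP strings.
    Returns (allowed, reason).
    """
    value = header_value.strip()
    try:
        parts = urlsplit(value if "//" in value else "//" + value)
        host = (parts.hostname or "").rstrip(".").lower()
    except ValueError:
        return False, "malformed"
    if not host or parts.username or parts.password:
        return False, "malformed"
    # Exact-match allowlist: IP literals and unknown names never get through.
    if host not in ALLOWED_HOSTS:
        return False, "not-allowlisted"
    # An allowlisted name can still resolve to an internal address.
    addrs = resolve(host)
    if not addrs or any(is_internal(a) for a in addrs):
        return False, "internal-address"
    return True, "ok"
```

The outbound request should connect to the address that passed the check rather than resolving the name a second time, and it should still be sent from the sandboxed host.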
References
Cracking the lens: targeting HTTP's hidden attack-surface
Related Vulnerabilities
WordPress Plugin Wordpress Picture/Portfolio/Media Gallery Server-Side Request Forgery (3.0.1)
WordPress 4.3.x Multiple Vulnerabilities (4.3 - 4.3.20)
WordPress Plugin HTTP Headers Multiple Vulnerabilities (1.9.1)
RCE in Ivanti Connect Secure and Policy Secure (CVE-2024-21887)
Unauthenticated Remote Code Execution via JSONWS in Liferay 7.2.0 CE GA1