Description
The web application or auxiliary systems use values from HTTP headers in a way that leads to an SSRF vulnerability. SSRF (Server-Side Request Forgery) is a vulnerability that allows an attacker to force the victim server to send packets, initiated by that server itself, to its local interface or to another server behind the firewall. Consult Web References for more information about this problem.
Remediation
Properly sanitize user input and use a special sandboxed host to access remote resources.
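One way to apply the input-validation half of this advice to a host taken from an HTTP header, shown as an added example that is not part of the original advisory. The allowlist entries, the function names and the default port 443 are assumptions.

```python
import ipaddress
import re
import socket

# Assumption: the only hosts this application may contact (placeholder names).
ALLOWED_HOSTS = {"cdn.example.com", "api.example.com"}
# Accept a bare DNS name with an optional port; no userinfo, path or brackets.
HOST_RE = re.compile(r"([a-z0-9.-]{1,253})(?::(\d{1,5}))?")


def resolve_all(host):
    """Default resolver: every address the name currently maps to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def vet_host_value(raw, resolver=resolve_all):
    """Validate a header-supplied host before the server connects to it.

    Returns (host, port, addresses) or raises ValueError. The caller should
    connect to one of the returned addresses rather than resolving again, so
    the name cannot change its answer between the check and the request.
    """
    match = HOST_RE.fullmatch((raw or "").strip().lower())
    if not match:
        raise ValueError("malformed host value")
    host, port = match.group(1), int(match.group(2) or 443)
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    if host not in ALLOWED_HOSTS:
        raise ValueError("host is not on the allowlist")
    addresses = resolver(host)
    # Reject loopback, private, link-local and other non-public ranges, even
    # when the name itself is allowlisted.
    if not addresses or not all(
        ipaddress.ip_address(a).is_global for a in addresses
    ):
        raise ValueError("host resolves to a non-public address")
    return host, port, addresses
```

Pass a resolver that queries your own DNS in production; the parameter exists so the check can be exercised without network access.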
References
Cracking the lens: targeting HTTP's hidden attack-surface
Related Vulnerabilities
WordPress Plugin Wordpress Picture/Portfolio/Media Gallery Server-Side Request Forgery (3.0.1)
Zend Framework local file disclosure via XXE injection
WordPress Plugin JSM file_get_contents() Shortcode Server-Side Request Forgery (2.7.0)
VMware vRealize Operations Server Side Request Forgery (SSRF) vulnerability
WordPress Plugin All-in-One Video Gallery Multiple Vulnerabilities (2.6.0)