Description

A Server-Side Request Forgery (SSRF) attack in FUXA 1.1.3 can be carried out leading to the obtaining of sensitive information from the server's internal environment and services, often potentially leading to the attacker executing commands on the server.

Remediation

References

https://www.youtube.com/watch?v=JE1Kcq3iJpc

Related Vulnerabilities

CVE-2022-4742 Vulnerability in maven package org.webjars.npm:json-pointer

CVE-2017-3165 Vulnerability in maven package org.apache.brooklyn:brooklyn-jsgui

CVE-2016-5003 Vulnerability in maven package org.apache.xmlrpc:xmlrpc

CVE-2022-31160 Vulnerability in maven package org.webjars.npm:jquery-ui

CVE-2022-25881 Vulnerability in maven package org.webjars.npm:http-cache-semantics

Severity

High

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Exploit Third Party Advisory