Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

GeoServer SSRF (CVE-2021-40822)

Description

GeoServer allows an unauthenticated attacker to send arbitrary requests to perform lookups on the internal network which is otherwise not accessible externally. An attacker may use this feature to perform SSRF (server-side request forgery) attacks on the server.

Remediation

Upgrade to the latest version of GeoServer

References

GeoServer allows SSRF via the option for setting a proxy host

SSRF Geoserver (CVE-2021-40822)

Related Vulnerabilities

MySQL CVE-2020-14848 Vulnerability (CVE-2020-14848)

Mibew Messenger Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-0829)

Jetty Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2009-5045)

phpMyFAQ Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2024-28105)

WebLogic CVE-2021-1995 Vulnerability (CVE-2021-1995)

Severity

High

Classification

CVE-2021-40822 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Acumonitor SSRF Known Vulnerabilities