Description

SSRF as in Server Side Request Forgery is a vulnerability that allows an attacker to force server interfaces into sending packets initiated by the victim server to the local interface or to another server behind the firewall. Consult Web References for more information about this problem.

Remediation

Properly sanitize user requests or use a special sandboxed host to route requests to remote resources

References

HTTP/2: The Sequel is Always Worse

Weird proxies/2 and a bit of magic

SSRF VS. BUSINESS-CRITICAL APPLICATIONS

Related Vulnerabilities

WordPress Plugin HTTP Headers Multiple Vulnerabilities (1.9.1)

WordPress Plugin Web Stories Server-Side Request Forgery (1.24.0)

WordPress Plugin RSS Aggregator by Feedzy-Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator Server-Side Request Forgery (4.4.7)

WordPress Plugin Rank Math SEO-Best SEO For WordPress To Increase Your SEO Traffic Server-Side Request Forgery (1.0.95)

WordPress Plugin Like Button Rating-LikeBtn Server-Side Request Forgery (2.6.31)

Severity

High

Classification

CWE-918 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Tags

SSRF Acumonitor Api Ssrf