Description

A reverse proxy or the web application uses values of an HTTP request to route the request. It leads to SSRF vulnerability. SSRF as in Server Side Request Forgery is a vulnerability that allows an attacker to force a server into sending packets to the local interface or to another server behind the firewall. Consult Web References for more information about this problem. This script could generate false positive alerts if the scanner is configured to use an HTTP-proxy.

Remediation

Properly sanitize user requests or use a special sandboxed host to route requests to remote resources

References

Cracking the lens: targeting HTTP's hidden attack-surface

What is Server Side Request Forgery (SSRF)?

SSRF bible. Cheatsheet

Related Vulnerabilities

WordPress Plugin Telefication Server-Side Request Forgery (1.8.0)

Oracle E-Business Suite SQL injection (CVE-2017-3549)

WordPress Plugin wpForo Forum Multiple Vulnerabilities (2.1.7)

SAP Hybris Deserialization RCE

WordPress Plugin Rank Math SEO-Best SEO For WordPress To Increase Your SEO Traffic Server-Side Request Forgery (1.0.95)

Severity

High

Classification

CWE-918 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

SSRF Acumonitor