CWE-918
AllowedServer-Side Request Forgery (SSRF)
Abstraction: Base · Status: Incomplete
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
4650 vulnerabilities reference this CWE, most recent first.
GHSA-Q2GC-2P96-WXG9
Vulnerability from github – Published: 2026-07-14 03:31 – Updated: 2026-07-14 03:31A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool_web_fetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The reported GitHub issue was closed with the label "not planned".
{
"affected": [],
"aliases": [
"CVE-2026-15620"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-07-14T01:16:16Z",
"severity": "LOW"
},
"details": "A security vulnerability has been detected in mosaxiv clawlet up to 0.2.10. This affects the function tools.webFetch of the file tools/tool_web_fetch.go. Such manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The reported GitHub issue was closed with the label \"not planned\".",
"id": "GHSA-q2gc-2p96-wxg9",
"modified": "2026-07-14T03:31:34Z",
"published": "2026-07-14T03:31:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-15620"
},
{
"type": "WEB",
"url": "https://github.com/mosaxiv/clawlet/issues/14"
},
{
"type": "WEB",
"url": "https://github.com/mosaxiv/clawlet"
},
{
"type": "WEB",
"url": "https://vuldb.com/cve/CVE-2026-15620"
},
{
"type": "WEB",
"url": "https://vuldb.com/submit/855795"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/378123"
},
{
"type": "WEB",
"url": "https://vuldb.com/vuln/378123/cti"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q2P7-5M6X-29X8
Vulnerability from github – Published: 2026-05-19 18:32 – Updated: 2026-05-19 18:32Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan) when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhook_url multipart form parameter. After scanning the uploaded file, Terrascan sends an HTTP POST request to the attacker-controlled URL containing the full scan results as a JSON body, with the attacker-supplied webhook_token forwarded as a Bearer token in the Authorization header. The retryable HTTP client retries up to 10 times on failure. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.
{
"affected": [],
"aliases": [
"CVE-2026-47356"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-19T17:16:22Z",
"severity": "HIGH"
},
"details": "Terrascan v1.18.3 and prior are vulnerable to Server-Side Request Forgery (SSRF) via the webhook_url parameter in the file scan endpoint (POST /v1/{iac}/{iacVersion}/{cloud}/local/file/scan) when running in server mode. An unauthenticated remote attacker can supply an arbitrary URL as the webhook_url multipart form parameter. After scanning the uploaded file, Terrascan sends an HTTP POST request to the attacker-controlled URL containing the full scan results as a JSON body, with the attacker-supplied webhook_token forwarded as a Bearer token in the Authorization header. The retryable HTTP client retries up to 10 times on failure. This affects deployments running terrascan in server mode (terrascan server), which binds to 0.0.0.0 with no authentication. Note: Terrascan was archived in August 2023 and no patch will be released.",
"id": "GHSA-q2p7-5m6x-29x8",
"modified": "2026-05-19T18:32:13Z",
"published": "2026-05-19T18:32:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-47356"
},
{
"type": "WEB",
"url": "https://github.com/tenable/terrascan"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:L/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q2PQ-WMHC-M7HV
Vulnerability from github – Published: 2024-10-22 18:32 – Updated: 2024-10-22 21:30An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE).
{
"affected": [],
"aliases": [
"CVE-2024-45518"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-22T17:15:03Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Zimbra Collaboration (ZCS) 10.1.x before 10.1.1, 10.0.x before 10.0.9, 9.0.0 before Patch 41, and 8.8.15 before Patch 46. It allows authenticated users to exploit Server-Side Request Forgery (SSRF) due to improper input sanitization and misconfigured domain whitelisting. This issue permits unauthorized HTTP requests to be sent to internal services, which can lead to Remote Code Execution (RCE) by chaining Command Injection within the internal service. When combined with existing XSS vulnerabilities, this SSRF issue can further facilitate Remote Code Execution (RCE).",
"id": "GHSA-q2pq-wmhc-m7hv",
"modified": "2024-10-22T21:30:37Z",
"published": "2024-10-22T18:32:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45518"
},
{
"type": "WEB",
"url": "https://wiki.zimbra.com/wiki/Security_Center"
},
{
"type": "WEB",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.9#Security_Fixes"
},
{
"type": "WEB",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/10.1.1#Security_Fixes"
},
{
"type": "WEB",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes"
},
{
"type": "WEB",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P41#Security_Fixes"
},
{
"type": "WEB",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Responsible_Disclosure_Policy"
},
{
"type": "WEB",
"url": "https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q2Q9-Q8MV-PV59
Vulnerability from github – Published: 2024-10-28 21:30 – Updated: 2024-10-30 18:30SparkShop <=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server.
{
"affected": [],
"aliases": [
"CVE-2024-48107"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-28T21:15:09Z",
"severity": "MODERATE"
},
"details": "SparkShop \u003c=1.1.7 is vulnerable to server-side request forgery (SSRF). This vulnerability allows attacks to scan ports on the Intranet or local network where the server resides, attack applications running on the Intranet or local network, or read metadata on the cloud server.",
"id": "GHSA-q2q9-q8mv-pv59",
"modified": "2024-10-30T18:30:48Z",
"published": "2024-10-28T21:30:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-48107"
},
{
"type": "WEB",
"url": "https://gist.github.com/RMAX2000/ebb654016e5b8a5b55aa6d8a7f2f321a#file-cve-2024-48107"
},
{
"type": "WEB",
"url": "https://gitee.com/sparkshop/sparkshop"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q2WP-R77C-3CW8
Vulnerability from github – Published: 2025-07-10 18:31 – Updated: 2025-11-05 00:31SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker. Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.
Users are recommended to upgrade to version 2.4.64 which fixes this issue.
{
"affected": [],
"aliases": [
"CVE-2024-43204"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-07-10T17:15:45Z",
"severity": "HIGH"
},
"details": "SSRF in Apache HTTP Server with mod_proxy loaded allows an attacker to send outbound proxy requests to a URL controlled by the attacker.\u00a0 Requires an unlikely configuration where mod_headers is configured to modify the Content-Type request or response header with a value provided in the HTTP request.\n\nUsers are recommended to upgrade to version 2.4.64 which fixes this issue.",
"id": "GHSA-q2wp-r77c-3cw8",
"modified": "2025-11-05T00:31:20Z",
"published": "2025-07-10T18:31:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43204"
},
{
"type": "WEB",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/10/2"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2025/07/10/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-Q2X5-4XJX-C6P9
Vulnerability from github – Published: 2026-01-21 22:49 – Updated: 2026-01-22 15:41Impact
The FetchUrlReader component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in backend.reading.allow to redirect requests to internal or sensitive URLs that are not on the allowlist, bypassing the URL allowlist security control.
This is a Server-Side Request Forgery (SSRF) vulnerability that could allow access to internal resources, but it does not allow attackers to include additional request headers.
Patches
This vulnerability is fixed in @backstage/backend-defaults version 0.12.2, 0.13.2, 0.14.1, and 0.15.0. Users should upgrade to this version or later.
Workarounds
- Restrict
backend.reading.allowto only trusted hosts that you control and that do not issue redirects - Ensure allowed hosts do not have open redirect vulnerabilities
- Use network-level controls to block access from Backstage to sensitive internal endpoints
References
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@backstage/backend-defaults"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.12.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@backstage/backend-defaults"
},
"ranges": [
{
"events": [
{
"introduced": "0.13.0"
},
{
"fixed": "0.13.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "@backstage/backend-defaults"
},
"ranges": [
{
"events": [
{
"introduced": "0.14.0"
},
{
"fixed": "0.14.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-24048"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-21T22:49:37Z",
"nvd_published_at": "2026-01-21T23:15:53Z",
"severity": "LOW"
},
"details": "### Impact\n\nThe `FetchUrlReader` component, used by the catalog and other plugins to fetch content from URLs, followed HTTP redirects automatically. This allowed an attacker who controls a host listed in `backend.reading.allow` to redirect requests to internal or sensitive URLs that are not on the allowlist, bypassing the URL allowlist security control.\n\nThis is a Server-Side Request Forgery (SSRF) vulnerability that could allow access to internal resources, but it does not allow attackers to include additional request headers.\n\n### Patches\n\nThis vulnerability is fixed in `@backstage/backend-defaults` version 0.12.2, 0.13.2, 0.14.1, and 0.15.0. Users should upgrade to this version or later.\n\n### Workarounds\n\n- Restrict `backend.reading.allow` to only trusted hosts that you control and that do not issue redirects\n- Ensure allowed hosts do not have open redirect vulnerabilities\n- Use network-level controls to block access from Backstage to sensitive internal endpoints\n\n### References\n\n- [OWASP SSRF Prevention Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html)",
"id": "GHSA-q2x5-4xjx-c6p9",
"modified": "2026-01-22T15:41:25Z",
"published": "2026-01-21T22:49:37Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/backstage/backstage/security/advisories/GHSA-q2x5-4xjx-c6p9"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24048"
},
{
"type": "WEB",
"url": "https://github.com/backstage/backstage/commit/27f9061d24affd1b9212fe0abd476bfc3fbaedcb"
},
{
"type": "PACKAGE",
"url": "https://github.com/backstage/backstage"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Backstage has a Possible SSRF when reading from allowed URL\u0027s in `backend.reading.allow`"
}
GHSA-Q347-CG56-PCQ4
Vulnerability from github – Published: 2022-03-14 22:57 – Updated: 2022-03-14 22:57Impact
The malicious user is able to discover services in the internal network through repository migration functionality. All installations accepting public traffic are affected.
Patches
Internal network CIDRs are prohibited to be used as repository migration targets. Users should upgrade to 0.12.5 or the latest 0.13.0+dev.
Workarounds
Run Gogs in its own private network.
References
https://www.huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531/
For more information
If you have any questions or comments about this advisory, please post on #6754.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "gogs.io/gogs"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.12.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2022-03-14T22:57:00Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\n\nThe malicious user is able to discover services in the internal network through repository migration functionality. All installations accepting public traffic are affected.\n\n### Patches\n\nInternal network CIDRs are prohibited to be used as repository migration targets. Users should upgrade to 0.12.5 or the latest 0.13.0+dev.\n\n### Workarounds\n\nRun Gogs in its own private network.\n\n### References\n\nhttps://www.huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531/\n\n### For more information\n\nIf you have any questions or comments about this advisory, please post on #6754.\n",
"id": "GHSA-q347-cg56-pcq4",
"modified": "2022-03-14T22:57:00Z",
"published": "2022-03-14T22:57:00Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/gogs/gogs/security/advisories/GHSA-q347-cg56-pcq4"
},
{
"type": "PACKAGE",
"url": "https://github.com/gogs/gogs"
},
{
"type": "WEB",
"url": "https://www.huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "SSRF in repository migration"
}
GHSA-Q348-F93X-9GX4
Vulnerability from github – Published: 2021-04-29 21:53 – Updated: 2021-04-28 22:29Impact
Lack of input validation of the Zendesk subdomain could expose users of the library to Server Side Request Forgery (SSRF).
Resolution
Validate the provided Zendesk subdomain to be a valid subdomain in: * getAuthUrl * getAccessToken
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "zendesk/zendesk_api_client_php"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.2.11"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-30492"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-918"
],
"github_reviewed": true,
"github_reviewed_at": "2021-04-28T22:29:16Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "### Impact\nLack of input validation of the Zendesk subdomain could expose users of the library to Server Side Request Forgery (SSRF).\n\n### Resolution\nValidate the provided Zendesk subdomain to be a valid subdomain in:\n* getAuthUrl\n* getAccessToken",
"id": "GHSA-q348-f93x-9gx4",
"modified": "2021-04-28T22:29:16Z",
"published": "2021-04-29T21:53:06Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/zendesk/zendesk_api_client_php/security/advisories/GHSA-q348-f93x-9gx4"
},
{
"type": "WEB",
"url": "https://github.com/zendesk/zendesk_api_client_php/pull/466"
},
{
"type": "WEB",
"url": "https://github.com/zendesk/zendesk_api_client_php/commit/b451b743d9d6d81a9abf7cb86e70ec9c5332123e"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Lack of Input Validation in zendesk_api_client_php for Zendesk Subdomain"
}
GHSA-Q445-CMJC-PJFP
Vulnerability from github – Published: 2022-04-29 00:00 – Updated: 2022-05-11 00:02The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints.
{
"affected": [],
"aliases": [
"CVE-2022-29556"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-28T20:15:00Z",
"severity": "CRITICAL"
},
"details": "The iot-manager microservice 1.0.0 in Northern.tech Mender Enterprise before 3.2.2 allows SSRF because the Azure IoT Hub integration provides several SSRF primitives that can execute cross-tenant actions via internal API endpoints.",
"id": "GHSA-q445-cmjc-pjfp",
"modified": "2022-05-11T00:02:08Z",
"published": "2022-04-29T00:00:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-29556"
},
{
"type": "WEB",
"url": "https://mender.io/blog/cve-2022-29555-and-cve-2022-29556-vulnerabilities-in-iot-manager-and-deviceconnect"
},
{
"type": "WEB",
"url": "https://northern.tech"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-Q44W-9XJG-492G
Vulnerability from github – Published: 2025-12-01 15:30 – Updated: 2026-02-06 15:30An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.
{
"affected": [],
"aliases": [
"CVE-2025-27232"
],
"database_specific": {
"cwe_ids": [
"CWE-918"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-12-01T13:16:00Z",
"severity": "MODERATE"
},
"details": "An authenticated Zabbix Super Admin can exploit the oauth.authorize action to read arbitrary files from the webserver leading to potential confidentiality loss.",
"id": "GHSA-q44w-9xjg-492g",
"modified": "2026-02-06T15:30:59Z",
"published": "2025-12-01T15:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27232"
},
{
"type": "WEB",
"url": "https://support.zabbix.com/browse/ZBX-27282"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
No mitigation information available for this CWE.
CAPEC-664: Server Side Request Forgery
An adversary exploits improper input validation by submitting maliciously crafted input to a target application running on a server, with the goal of forcing the server to make a request either to itself, to web services running in the server’s internal network, or to external third parties. If successful, the adversary’s request will be made with the server’s privilege level, bypassing its authentication controls. This ultimately allows the adversary to access sensitive data, execute commands on the server’s network, and make external requests with the stolen identity of the server. Server Side Request Forgery attacks differ from Cross Site Request Forgery attacks in that they target the server itself, whereas CSRF attacks exploit an insecure user authentication mechanism to perform unauthorized actions on the user's behalf.