Description
Server-Side Request Forgery (SSRF) is a vulnerability in which an attacker induces a server-side application to issue requests to a destination of the attacker's choosing, typically by supplying a URL, hostname or path that the application fetches without adequate validation. Because the request originates from the server, it can reach resources the attacker cannot reach directly, such as services on the internal network, cloud instance metadata endpoints, or administrative interfaces bound to localhost. SSRF can be exploited to read sensitive data from internal systems, pivot to and escalate privileges on other hosts, or exfiltrate data.
Recommendation
To mitigate SSRF vulnerabilities, validate the destination of every server-initiated request against a predefined allow list of schemes, hosts and ports, and reject anything not on it; deny lists of private address ranges are easily bypassed with alternate encodings, redirects and DNS rebinding. Do not let user input control the request destination directly; where the user must choose a target, map an opaque identifier to a server-side URL instead. Disable redirect following (or re-validate each redirect target), and resolve the hostname and check the resulting address before connecting. Use network segmentation and egress filtering on firewalls to limit which internal systems the application server can reach at all.
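The following is an added example of the allow-list check described above, not code from the original page. The allow list (`api.example.com`, `cdn.example.com`), the injectable `resolver` hook and the sample URLs are assumptions for illustration; the vulnerable pattern is shown beside the hardened one.

```python
"""Allow-list validation for server-side fetches.

Added example, not the page's own code. ALLOWED_HOSTS, the resolver hook
and the URLs in the comments are hypothetical; adapt them to the hosts your
application genuinely needs to reach.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

# Hypothetical allow list: the only destinations the server may fetch from.
ALLOWED_HOSTS = {"api.example.com", "cdn.example.com"}
ALLOWED_SCHEMES = {"https"}
ALLOWED_PORTS = {443}


class SSRFError(ValueError):
    """Raised when a requested destination fails validation."""


def fetch_unsafe(url, fetcher):
    """The vulnerable pattern: whatever the caller supplied is fetched as-is."""
    return fetcher(url)


def resolve_all(host):
    """Return every address the host resolves to (replaced by a fake in tests)."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_public_address(addr):
    """True only for globally routable unicast addresses.

    Rejects loopback, RFC 1918, link-local (169.254.0.0/16, where cloud
    metadata services live), shared/CGNAT space, multicast and IPv4-mapped
    IPv6 forms such as ::ffff:10.0.0.1.
    """
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 is still 10.0.0.1
    return ip.is_global and not ip.is_multicast


def validate_fetch_target(url, resolver=resolve_all):
    """Return (host, pinned_ip) for an allowed URL, or raise SSRFError."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        raise SSRFError(f"scheme not allowed: {parts.scheme!r}")
    # urlsplit separates userinfo, so https://api.example.com@10.0.0.1/ has
    # hostname 10.0.0.1 and username api.example.com; refuse credentials
    # outright so that trick never reaches the host check.
    if parts.username is not None or parts.password is not None:
        raise SSRFError("credentials in URL not allowed")
    host = (parts.hostname or "").rstrip(".")  # hostname is already lowercased
    if host not in ALLOWED_HOSTS:
        raise SSRFError(f"host not in allow list: {host!r}")
    try:
        port = parts.port or 443
    except ValueError as exc:  # non-numeric or out-of-range port
        raise SSRFError("invalid port") from exc
    if port not in ALLOWED_PORTS:
        raise SSRFError(f"port not allowed: {port}")
    addrs = resolver(host)
    if not addrs:
        raise SSRFError(f"could not resolve {host!r}")
    internal = sorted(a for a in addrs if not is_public_address(a))
    if internal:
        # An allow-listed name resolving to an internal address is either a
        # misconfiguration or a DNS rebinding attempt; refuse either way.
        raise SSRFError(f"{host!r} resolves to non-public address(es): {internal}")
    return host, sorted(addrs)[0]


def fetch_safe(url, fetcher, resolver=resolve_all):
    """Validate first, then fetch through the supplied callable.

    The fetcher must not follow redirects (a 302 from an allowed host to
    http://127.0.0.1/ would bypass every check above) and should connect to
    pinned_ip while sending the Host header, so a second DNS lookup at connect
    time cannot be rebound to an internal address.
    """
    host, pinned_ip = validate_fetch_target(url, resolver)
    return fetcher(url, pinned_ip)
```

`validate_fetch_target` deliberately returns the address it checked so the HTTP client can connect to that exact IP; re-resolving the name inside the client reopens the rebinding window the check just closed.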
References
- OWASP: Server-Side Request Forgery (SSRF)
- Wikipedia: Server-side request forgery
- CWE-20: Improper Input Validation
- CWE-918: Server-Side Request Forgery (SSRF)
- CAPEC-664: Server Side Request Forgery
- OWASP Top 10 2021: A10 Server-Side Request Forgery
- OWASP Top 10 2021: A03 Injection
Related Issues
- Remote File Disclosure - Vulnerability
- Remote File Inclusion - Vulnerability
- Remote URL Inclusion - Vulnerability
- Apache Tomcat Manager Login Found - Vulnerability
Tags
- SSRF
- Injection
- Access Control
Last updated on April 14, 2025