Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVEs (2,642)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-7913 1Magento 1Magento Nov 21, 2024 Aug 2, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to ma...Show more A server-side request forgery (SSRF) vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with admin privileges to manipulate shipment methods to execute arbitrary code.Show less
CVE-2019-7911 1Magento 1Magento Nov 21, 2024 Aug 2, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3...Show more A server-side request forgery (SSRF) vulnerability exists in Magento Open Source prior to 1.9.4.2, and Magento Commerce prior to 1.14.4.2, Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with access to the admin panel to manipulate system configuration and execute arbitrary code.Show less
CVE-2019-7892 1Magento 1Magento Nov 21, 2024 Aug 2, 2019 N/A· v4 7.2 HIGH· v3 6.5 MEDIUM· v2 A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can exe...Show more A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. An authenticated user with administrator privileges to access shipment settings can execute arbitrary code via server-side request forgery.Show less
CVE-2019-7616 1Elastic 1Kibana Nov 21, 2024 Jul 30, 2019 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite....Show more Kibana versions before 6.8.2 and 7.2.1 contain a server side request forgery (SSRF) flaw in the graphite integration for Timelion visualizer. An attacker with administrative Kibana access could set the timelion:graphite.url configuration option to an arbitrary URL. This could possibly lead to an attacker accessing external URL resources as the Kibana process on the host system.Show less
CVE-2018-19571 1Gitlab 1Gitlab Nov 21, 2024 Jul 10, 2019 N/A· v4 7.7 HIGH· v3 4.0 MEDIUM· v2 GitLab CE/EE, versions 8.18 up to 11.x before 11.3.11, 11.4 before 11.4.8, and 11.5 before 11.5.1, are vulnerable to an SSRF vulnerability in webhooks.
CVE-2018-19495 1Gitlab 1Gitlab Nov 21, 2024 Jul 10, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in GitLab Community and Enterprise Edition before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is an SSRF vulnerability in the Prometheus integration.
CVE-2019-9827 1Hawt 1Hawtio Nov 21, 2024 Jul 3, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Hawt Hawtio through 2.5.0 is vulnerable to SSRF, allowing a remote attacker to trigger an HTTP request from an affected server to an arbitrary host via the initial /proxy/ substring of a URI.
CVE-2019-12852 1Jetbrains 1Youtrack Nov 21, 2024 Jul 3, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An SSRF attack was possible on a JetBrains YouTrack server. The issue (1 of 2) was fixed in JetBrains YouTrack 2018.4.49168.
CVE-2019-12153 1Realobjects 1Pdfreactor Nov 21, 2024 Jun 11, 2019 N/A· v4 10.0 CRITICAL· v3 6.4 MEDIUM· v2 Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content.
CVE-2019-9187 1Ikiwiki 1Ikiwiki Nov 21, 2024 Jun 5, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
CVE-2019-1872 1Cisco 1Telepresence Video Communication Server Nov 21, 2024 Jun 5, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests....Show more A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulnerability by sending malicious requests to the affected system. A successful exploit could allow the attacker to send arbitrary network requests sourced from the affected system.Show less
CVE-2019-6981 1Synacor 1Zimbra Collaboration Suite Nov 21, 2024 May 29, 2019 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.
CVE-2018-17198 1Apache 1Roller Nov 21, 2024 May 28, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser...Show more Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions relies on Java SAX Parser to implement its XML-RPC interface and by default that parser supports external entities in XML DOCTYPE, which opens Roller up to SSRF / File Enumeration vulnerability. Note that this vulnerability exists even if Roller XML-RPC interface is disable via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: <!-- <servlet-mapping> <servlet-name>XmlRpcServlet</servlet-name> <url-pattern>/roller-services/xmlrpc</url-pattern> </servlet-mapping> -->Show less
CVE-2017-13667 1Open Xchange 1Open Xchange Appsuite Nov 21, 2024 May 23, 2019 N/A· v4 9.9 CRITICAL· v3 6.5 MEDIUM· v2 OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
CVE-2017-15029 1Open Xchange 1Open Xchange Appsuite Nov 21, 2024 May 23, 2019 N/A· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
CVE-2019-12161 1Webpagetest 1Webpagetest Nov 21, 2024 May 17, 2019 N/A· v4 8.8 HIGH· v3 4.0 MEDIUM· v2 WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).
CVE-2019-6516 1Wso2 1Dashboard Server May 30, 2025 May 14, 2019 N/A· v4 5.8 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-sc...Show more An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-scanning), aka SSRF.Show less
CVE-2019-6512 1Wso2 1Api Manager May 30, 2025 May 14, 2019 N/A· v4 4.1 MEDIUM· v3 4.0 MEDIUM· v2 An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to...Show more An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper.Show less
CVE-2019-11066 1Lightopenid Project 1Lightopenid Nov 21, 2024 May 10, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method.
CVE-2019-7652 1Thehive Project 1Cortex Analyzers Nov 21, 2024 May 9, 2019 N/A· v4 7.7 HIGH· v3 4.0 MEDIUM· v2 TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF...Show more TheHive Project UnshortenLink analyzer before 1.1, included in Cortex-Analyzers before 1.15.2, has SSRF. To exploit the vulnerability, an attacker must create a new analysis, select URL for Data Type, and provide an SSRF payload like "http://127.0.0.1:22" in the Data parameter. The result can be seen in the main dashboard. Thus, it is possible to do port scans on localhost and intranet hosts.Show less

Previous 1...123124125...133 Next