Server-Side Request Forgery (SSRF)

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

CVEs (2,678)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2017-5617 2Debian Kitfox 2Debian Linux Svg Salamander May 13, 2026 Mar 16, 2017 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file.
CVE-2015-8813 1Umbraco 1Umbraco May 13, 2026 Mar 3, 2017 N/A· v4 8.2 HIGH· v3 4.3 MEDIUM· v2 The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter.
CVE-2016-6001 1Ibm 1Forms Experience Builder May 13, 2026 Feb 1, 2017 N/A· v4 3.1 LOW· v3 3.5 LOW· v2 IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources.
CVE-2016-9417 1Mybb 2Merge System Mybb May 13, 2026 Jan 31, 2017 N/A· v4 7.4 HIGH· v3 5.8 MEDIUM· v2 The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
CVE-2016-6621 1Phpmyadmin 1Phpmyadmin May 13, 2026 Jan 31, 2017 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors.
CVE-2016-7999 1Spip 1Spip May 13, 2026 Jan 18, 2017 N/A· v4 7.4 HIGH· v3 4.3 MEDIUM· v2 ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action.
CVE-2017-5518 1Metalgenix 1Genixcms May 13, 2026 Jan 17, 2017 N/A· v4 7.4 HIGH· v3 4.3 MEDIUM· v2 The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address.
CVE-2016-4046 1Open Xchange 1Open Xchange Appsuite May 6, 2026 Dec 15, 2016 N/A· v4 5.8 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can...Show more An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. The API to configure external mail accounts can be abused to map and access network components within the trust boundary of the operator. Users can inject arbitrary hosts and ports to API calls. Depending on the response type, content and latency, information about existence of hosts and services can be gathered. Attackers can get internal configuration information about the infrastructure of an operator to prepare subsequent attacks.Show less
CVE-2016-9752 1S9y 1Serendipity May 6, 2026 Dec 1, 2016 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code.
CVE-2016-5968 1Ibm 1Tealeaf Customer Experience May 6, 2026 Nov 25, 2016 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A b...Show more The Replay Server in IBM Tealeaf Customer Experience 8.x before 8.7.1.8847 FP10, 8.8.x before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108 FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224 FP3 allows remote attackers to conduct SSRF attacks via unspecified vectors.Show less
CVE-2016-7964 1Dokuwiki 1Dokuwiki May 6, 2026 Oct 31, 2016 N/A· v4 8.6 HIGH· v3 4.3 MEDIUM· v2 The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan...Show more The sendRequest method in HTTPClient Class in file /inc/HTTPClient.php in DokuWiki 2016-06-26a and older, when media file fetching is enabled, has no way to restrict access to private networks. This allows users to scan ports of internal networks via SSRF, such as 10.0.0.1/8, 172.16.0.0/12, and 192.168.0.0/16.Show less
CVE-2016-6483 1Vbulletin 1Vbulletin May 6, 2026 Sep 2, 2016 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5...Show more The media-file upload feature in vBulletin before 3.8.7 Patch Level 6, 3.8.8 before Patch Level 2, 3.8.9 before Patch Level 1, 4.x before 4.2.2 Patch Level 6, 4.2.3 before Patch Level 2, 5.x before 5.2.0 Patch Level 3, 5.2.1 before Patch Level 1, and 5.2.2 before Patch Level 1 allows remote attackers to conduct SSRF attacks via a crafted URL that results in a Redirection HTTP status code.Show less
CVE-2016-4374 1Hp 1Release Control May 6, 2026 Aug 8, 2016 N/A· v4 7.7 HIGH· v3 4.0 MEDIUM· v2 HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial o...Show more HPE Release Control (RC) 9.13, 9.20, and 9.21 before 9.21.0005 p4 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks, and consequently obtain sensitive information or cause a denial of service, via unspecified vectors.Show less
CVE-2016-4029 2Debian Wordpress 2Debian Linux Wordpress May 6, 2026 Aug 7, 2016 N/A· v4 8.6 HIGH· v3 5.0 MEDIUM· v2 WordPress before 4.5 does not consider octal and hexadecimal IP address formats when determining an intranet address, which allows remote attackers to bypass an intended SSRF protection mechanism via a crafted address.
CVE-2016-3718 6Canonical ImagemagickOpensuse+3 more 30Enterprise Linux Desktop Enterprise Linux EusEnterprise Linux For Ibm Z Systems+27 more Apr 22, 2026 May 5, 2016 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The (1) HTTP and (2) FTP coders in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted image.
CVE-2010-1637 4Apple FedoraprojectRedhat+1 more 7Enterprise Linux Desktop Enterprise Linux ServerEnterprise Linux Workstation+4 more Apr 29, 2026 Jun 22, 2010 N/A· v4 6.5 MEDIUM· v3 4.0 MEDIUM· v2 The Mail Fetch plugin in SquirrelMail 1.4.20 and earlier allows remote authenticated users to bypass firewall restrictions and use SquirrelMail as a proxy to scan internal networks via a modified POP3 port number.
CVE-2004-2061 1Risearch 2Risearch Risearch Pro Apr 16, 2026 Jul 27, 2004 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://, or (3) file:// URL.
CVE-2002-1484 1Siemens 1Db4web Apr 16, 2026 Apr 22, 2003 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP...Show more DB4Web server, when configured to use verbose debug messages, allows remote attackers to use DB4Web as a proxy and attempt TCP connections to other systems (port scan) via a request for a URL that specifies the target IP address and port, which produces a connection status in the resulting error message.Show less

Previous 1...130 131 132 133134