CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,758 vulnerabilities with CWE-918
CVE-2018-16794 HIGH
Microsoft Active Directory Federation Services < 4.0 - Server-Side Request Forgery via txtBoxEmail Parameter
CVSS 8.6
CVE-2018-2463 HIGH
SAP Hybris 6.0-6.7 - Server-Side Request Forgery via XML Parser Misconfiguration
CVSS 8.6
CVE-2018-1789 HIGH
IBM API Connect 2018.1.0-2018.3.4 - Server-Side Request Forgery
CVSS 8.4
CVE-2018-16444 CRITICAL
SeaCMS 6.61 - Server-Side Request Forgery via URL Parameter
CVSS 9.1
CVE-2018-16409 HIGH
Gogs 0.11.53 - Server-Side Request Forgery via Migrate Function
CVSS 8.6
CVE-2018-15895 HIGH
icms < 7.0.11 - Server-Side Request Forgery via Remote Function
CVSS 7.5
CVE-2018-10511 CRITICAL
Trend Micro Control Manager <7.0 - SSRF
CVSS 10.0
CVE-2018-2445 CRITICAL
SAP BusinessObjects Business Intelligence 4.1, 4.2 - Server-Side Request Forgery
CVSS 9.6
CVE-2018-3774 CRITICAL
url-parse < 1.4.3 - Server-Side Request Forgery via Incorrect Hostname Parsing
CVSS 10.0
CVE-2018-15192 HIGH
Gitea/Gogs <1.5.0-rc2/0.11.53 - SSRF
CVSS 8.6
CVE-2018-14728 CRITICAL
Responsive FileManager 9.13.1 - SSRF
CVSS 9.8
CVE-2018-14858 HIGH
icms < 7.0.11 - Server-Side Request Forgery via Remote Function
CVSS 7.5
CVE-2018-1999039 MEDIUM
Jenkins Confluence Publisher Plugin <2.0.1 - SSRF
CVSS 4.3
CVE-2018-1999026 MEDIUM
Jenkins TraceTronic ECU-TEST Plugin <2.3 - SSRF
CVSS 6.5
CVE-2018-1999017 MEDIUM
Pydio < 8.2.0 - Authenticated Server-Side Request Forgery via Upgrade Engine
CVSS 4.9
CVE-2018-14514 CRITICAL
idreamsoft iCMS V7.0.9 - Server-Side Request Forgery
CVSS 9.8
CVE-2018-5006 HIGH
Adobe Experience Manager < 6.4.0 - Server-Side Request Forgery
CVSS 7.5
CVE-2018-5004 HIGH
Adobe Experience Manager 6.2-6.3 - Server-Side Request Forgery
CVSS 7.5
CVE-2018-12809 HIGH
Adobe Experience Manager <6.4 - SSRF
CVSS 7.5
CVE-2018-0403 CRITICAL
Cisco Unified Contact Center Express - Server-Side Request Forgery
CVSS 9.8
CVE-2018-0399 CRITICAL
Cisco Finesse - Unauthenticated Server-Side Request Forgery
CVSS 9.8
CVE-2018-0398 CRITICAL
Cisco Finesse - Unauthenticated Server-Side Request Forgery
CVSS 9.8
CVE-2018-13790 HIGH
concrete5 8.2.0 - Server-Side Request Forgery via File Manager Remote URL Import
CVSS 7.2
CVE-2018-12571 CRITICAL
Microsoft Forefront Unified Access Gateway 2010 - SSRF
CVSS 9.8
CVE-2018-1000606 MEDIUM
Jenkins URLTrigger Plugin <0.41 - SSRF
CVSS 6.5