CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.

2,758 vulnerabilities with CWE-918
CVE | Severity | CVSS | Title
CVE-2018-1000054 | HIGH | 8.3 | Jenkins CCM Plugin < 3.1 - XML External Entity Injection in Build Process
CVE-2018-6186 | HIGH | 8.8 | Citrix NetScaler VPX through NS12.0 53.13.nc - Authenticated Server-Side Request Forgery via /rapi/read_url URI
CVE-2018-6029 | HIGH | 7.5 | NoneCms 1.3.0 - Server-Side Request Forgery via Article Copy Function
CVE-2018-1042 | MEDIUM | 6.5 | Moodle < 3.1.9 and 3.4-3.4.1 - Server-Side Request Forgery via Filepicker
CVE-2017-20157 | MEDIUM | 5.5 | Ariadne Component Library <3.0 - SSRF
CVE-2017-20106 | MEDIUM | 5.3 | Lithium Forum 2017 Q1 - Server-Side Request Forgery via Compose Message Handler
CVE-2017-17674 | CRITICAL | 9.8 | BMC Remedy Mid Tier 9.1SP3 - Server-Side Request Forgery
CVE-2017-18638 | HIGH | 7.5 | Graphite < 1.1.5 - Server-Side Request Forgery via Email Composer
CVE-2017-13667 | CRITICAL | 9.9 | Open-Xchange App Suite < 7.8.4 - SSRF
CVE-2017-15029 | MEDIUM | 4.3 | Open-Xchange App Suite < 7.8.4 - Server-Side Request Forgery
CVE-2017-3164 | HIGH | 7.5 | Apache Solr 1.3.0-7.6.0 - Server-Side Request Forgery via Shards Parameter
CVE-2017-0929 | HIGH | 7.5 | DNN <9.2.0 - Server-Side Request Forgery
CVE-2017-14611 | CRITICAL | 9.1 | Cockpit 0.13.0 - Server-Side Request Forgery via URL Parameter
CVE-2017-14323 | CRITICAL | 9.8 | Onethink 1.0 and 1.1 - Server-Side Request Forgery via Ueditor getRemoteImage.php upfile Parameter
CVE-2017-18096 | HIGH | 7.2 | Atlassian Application Links <5.2.7, 5.3.0-5.3.4, 5.4.0-5.4.3 - Server-Side Request Forgery
CVE-2017-16614 | CRITICAL | 9.8 | tpshop 2.0.5-2.0.6 - Server-Side Request Forgery via WxPay.tedatac.php fBill Parameter
CVE-2017-6201 | HIGH | 8.1 | Sandstorm < 0.203 - Server-Side Request Forgery via Install App Process
CVE-2017-18036 | MEDIUM | 4.3 | Atlassian Bitbucket < 5.3.0 - Server-Side Request Forgery via GitHub Repository Importer
CVE-2017-16865 | MEDIUM | 5.3 | Atlassian Jira < 7.6.1 - Server-Side Request Forgery via Trello Importer
CVE-2017-1000419 | HIGH | 7.5 | phpBB 3.2.0 - Server-Side Request Forgery via Remote Avatar Function
CVE-2017-15886 | MEDIUM | 6.5 | Synology Chat < 2.0.0-1124 - Authenticated Server-Side Request Forgery via Link Preview
CVE-2017-17697 | HIGH | 8.6 | Harbor < 1.3.0 - Server-Side Request Forgery via Ping Endpoint
CVE-2017-16678 | MEDIUM | 4.7 | SAP NetWeaver KMC 7.00-7.02, KMC-BC 7.30-7.50 - Server-Side Request Forgery
CVE-2017-15943 | MEDIUM | 5.3 | PAN-OS < 6.1.19, 7.0.x < 7.0.19, 7.1.x < 7.1.14 - Server-Side Request Forgery via External Entity Parsing
CVE-2017-11291 | CRITICAL | 10.0 | Adobe Connect <= 9.6.2 - Server-Side Request Forgery