CWE-918

Server-Side Request Forgery (SSRF)

Parent: CWE-441 - Unintended Proxy or Intermediary ('Confused Deputy')

The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
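The entries that follow show how that "does not sufficiently ensure" failure usually looks in practice: a blocklist compared against the string 127.0.0.1 that misses octal, hex and decimal spellings of the same address; a check applied to the first URL but not to the 30x redirect it returns; a URL parser that reads the userinfo as the host; and a host name that simply resolves to an internal address. The following is an added example, not code from any product listed here, of a destination check in Python's standard library that closes those gaps together. The host names, the DNS table and the HTTP responses are constructed so that it runs offline.

```python
# Destination check for a server-side URL fetcher (CWE-918 defence).
# Added example, not code from any product on this page. Standard library
# only; DNS lookups and HTTP fetches are injected so it runs offline.
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}
MAX_REDIRECTS = 5


def canonical_ip(host):
    """ipaddress object for any numeric spelling of host, None for a name.

    A string compare with '127.0.0.1' misses what the C library (and so the
    socket layer) accepts: hex 0x7f000001, octal 0177.0.0.1, bare decimal
    2130706433, short form 127.1. Parse as the socket layer would, then classify.
    """
    if ":" not in host:                         # IPv4 forms, via inet_aton
        try:
            return ipaddress.ip_address(socket.inet_aton(host))
        except OSError:                         # not numeric: a host name
            return None
    try:
        return ipaddress.ip_address(host)       # IPv6 literal
    except ValueError:
        return None


def is_internal(ip):
    """True for any address a server-side fetch must never reach."""
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                     # ::ffff:127.0.0.1 -> 127.0.0.1
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def system_resolve(hostname):
    """Default resolver: every address the system returns for the name."""
    return {info[4][0] for info in socket.getaddrinfo(hostname, None)}


def check_destination(url, resolve=system_resolve):
    """(True, address) if url may be fetched, else (False, reason).

    Every address the name resolves to is checked. Connect to the returned
    address instead of resolving again; a second lookup can answer
    differently (DNS rebinding).
    """
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme %r not allowed" % parts.scheme
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"   # http://images.example.com@127.0.0.1/
    host = parts.hostname
    if not host:
        return False, "no host"
    literal = canonical_ip(host)
    addrs = {literal} if literal else {canonical_ip(a) for a in resolve(host)}
    addrs.discard(None)
    if not addrs:
        return False, "%s does not resolve" % host
    for ip in addrs:
        if is_internal(ip):
            return False, "%s -> %s is internal" % (host, ip)
    return True, sorted(str(ip) for ip in addrs)[0]


def fetch_checked(url, fetch, resolve=system_resolve):
    """Follow redirects by hand so every hop is checked.

    fetch(url) returns (status, location, body) and must not follow
    redirects itself, or the check only ever sees the first URL.
    """
    for _ in range(MAX_REDIRECTS + 1):
        ok, detail = check_destination(url, resolve)
        if not ok:
            raise ValueError("blocked %s: %s" % (url, detail))
        status, location, body = fetch(url)
        if status in (301, 302, 303, 307, 308) and location:
            url = urljoin(url, location)
            continue
        return body
    raise ValueError("too many redirects")


# Constructed DNS table and HTTP responses; none of these are real hosts.
SAMPLE_DNS = {
    "images.example.com": {"93.184.216.34"},
    "rebind.attacker.example": {"93.184.216.34", "10.0.0.5"},
    "metadata-alias.attacker.example": {"169.254.169.254"},
}
SAMPLE_HTTP = {
    "http://images.example.com/a.png": (200, None, b"\x89PNG..."),
    "http://images.example.com/go": (302, "http://0x7f000001/admin", b""),
}


def sample_resolve(name):
    return SAMPLE_DNS.get(name, set())


def sample_fetch(url):
    return SAMPLE_HTTP.get(url, (404, None, b""))
```

Two points are easy to get wrong when wiring this into a real client. The HTTP library must have its own redirect following switched off (for urllib.request, an opener whose HTTPRedirectHandler.redirect_request returns None; for requests, allow_redirects=False and reading the Location header yourself), otherwise fetch_checked only ever inspects the first URL. And the connection should be opened to the address check_destination returned, with the original name sent in the Host header, rather than letting the client resolve the name a second time; the check above closes the spelling, redirect, userinfo and resolution gaps the entries on this page describe, but not a resolver that answers differently on the second lookup.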

2,758 vulnerabilities with CWE-918
CVE-2017-7569 HIGH
vBulletin < 5.2.6 - Server-Side Request Forgery via PHP parse_url Bypass
CVSS 8.6
CVE-2017-7566 HIGH
MyBB < 1.8.11 - Server-Side Request Forgery via Protection Mechanism Bypass
CVSS 7.7
CVE-2017-6130 HIGH
F5 SSL Intercept iApp 1.5.0-1.5.7 and SSL Orchestrator 2.0 - Server-Side Request Forgery via Dynamic Domain Bypass
CVSS 7.4
CVE-2017-7272 HIGH
PHP < 7.1.3 - Server-Side Request Forgery via fsockopen/pfsockopen Port Parsing
CVSS 7.4
CVE-2017-7200 MEDIUM
OpenStack Glance < Newton - Server-Side Request Forgery via Image Service API v1 copy_from Feature
CVSS 5.8
CVE-2017-5643 HIGH
Apache Camel < 2.16.0 - Server-Side Request Forgery via Remote DTDs
CVSS 7.4
CVE-2017-5617 HIGH
svgSalamander < 1.1.2 - Server-Side Request Forgery via Crafted SVG File
CVSS 7.4
CVE-2017-5518 HIGH
GeniXCMS < 0.0.8 - Server-Side Request Forgery via Media File Upload
CVSS 7.4
CVE-2016-10927 CRITICAL
Nelio AB Testing < 4.5.11 - Server-Side Request Forgery via ajax/iesupport.php
CVSS 10.0
CVE-2016-10926 CRITICAL
nelio-ab-testing < 4.5.9 - Server-Side Request Forgery via ajax/iesupport.php
CVSS 10.0
CVE-2016-7051 HIGH
jackson-dataformat-xml < 2.7.8 - Server-Side Request Forgery via DTD Processing
CVSS 8.6
CVE-2016-6001 LOW
IBM Forms Experience Builder - SSRF
CVSS 3.1
CVE-2016-9417 HIGH
MyBB and Merge System < 1.8.8 - Server-Side Request Forgery
CVSS 7.4
CVE-2016-6621 HIGH
phpMyAdmin <4.0.10.19, <4.4.15.10, <4.6.6 - SSRF
CVSS 8.6
CVE-2016-7999 HIGH
SPIP < 3.1.2 - Server-Side Request Forgery via var_url Parameter
CVSS 7.4
CVE-2016-4046 MEDIUM
Open-Xchange OX App Suite <7.8.1-rev11 - Info Disclosure
CVSS 5.8
CVE-2016-9752 HIGH
Serendipity < 2.0.5 - Server-Side Request Forgery via Malformed IP Address or 30x Redirection
CVSS 8.6
CVE-2016-5968 MEDIUM
IBM Tealeaf Customer Experience <8.7.1.8847 FP10-<9.0.2.1223 FP3 - ...
CVSS 5.3
CVE-2016-7964 HIGH
DokuWiki 2016-06-26a - Server-Side Request Forgery via Media File Fetching
CVSS 8.6
CVE-2016-6483 HIGH
vBulletin <4.2.2 PL6-5.2.2 PL1 - SSRF
CVSS 8.6
CVE-2016-4374 HIGH
HPE Release Control (RC) <9.21.0005 - SSRF
CVSS 7.7
CVE-2016-4029 HIGH
WordPress < 4.5 - Server-Side Request Forgery via Octal and Hexadecimal IP Address Bypass
CVSS 8.6
CVE-2016-3718 MEDIUM KEV
ImageMagick <6.9.3-10, <7.0.1-1 - Server-Side Request Forgery
CVSS 5.5
CVE-2015-7570 HIGH
Yeager CMS 1.2.1 - Server-Side Request Forgery via dbhost Parameter
CVSS 7.2
CVE-2015-8813 HIGH
Umbraco < 7.4.0 - Server-Side Request Forgery via FeedProxy URL Parameter
CVSS 8.2