Statements (23)
Predicate | Object |
---|---|
gptkbp:instanceOf | gptkb:Common_Weakness_Enumeration |
gptkbp:category | Software Weakness |
gptkbp:consequence | Information Disclosure; Access to Internal Resources; Bypass of Security Controls |
gptkbp:describes | The software constructs all or part of a request to another system, but does not sufficiently validate or sanitize user-controllable data before sending the request. |
gptkbp:example | An attacker supplies a URL to an internal resource, causing the server to make a request to that resource. |
gptkbp:externalLink | https://cwe.mitre.org/data/definitions/918.html |
gptkbp:foundIn | APIs; Web Applications |
https://www.w3.org/2000/01/rdf-schema#label | CWE-918 |
gptkbp:mitigatedBy | Validate and sanitize all user-supplied input used in requests. Restrict network access from the application server. Use allow-lists for URLs or hosts. |
gptkbp:name | gptkb:Server-Side_Request_Forgery_(SSRF) |
gptkbp:relatedTo | gptkb:CWE-601; CWE-610; OWASP Top 10 A10:2021 |
gptkbp:status | Draft |
gptkbp:vulnerableTo | 918 |
gptkbp:weakness | gptkb:Base |
gptkbp:bfsParent | gptkb:Server-Side_Request_Forgery_(SSRF) |
gptkbp:bfsLayer | 6 |