Statements (23)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:Common_Weakness_Enumeration |
| gptkbp:category | Software Weakness |
| gptkbp:consequence | Information Disclosure; Access to Internal Resources; Bypass of Security Controls |
| gptkbp:describes | The software constructs all or part of a request to another system, but does not sufficiently validate or sanitize user-controllable data before sending the request. |
| gptkbp:example | An attacker supplies a URL to an internal resource, causing the server to make a request to that resource. |
| gptkbp:externalLink | https://cwe.mitre.org/data/definitions/918.html |
| gptkbp:foundIn | APIs; Web Applications |
| gptkbp:mitigatedBy | Validate and sanitize all user-supplied input used in requests. Restrict network access from the application server. Use allow-lists for URLs or hosts. |
| gptkbp:name | gptkb:Server-Side_Request_Forgery_(SSRF) |
| gptkbp:relatedTo | gptkb:CWE-601; CWE-610; OWASP Top 10 A10:2021 |
| gptkbp:status | Draft |
| gptkbp:vulnerableTo | 918 |
| gptkbp:weakness | gptkb:Base |
| gptkbp:bfsParent | gptkb:CWE |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | CWE-918 |