Server-Side Request Forgery (SSRF)

GPTKB entity

Statements (49)

Predicate                                      Object
gptkbp:instanceOf                              Web security vulnerability
gptkbp:abbreviation                            SSRF
gptkbp:affects                                 Web applications
gptkbp:canBeBypassedBy                         Firewalls
                                               Access control lists
                                               Network access controls
gptkbp:cause                                   Remote code execution
                                               Sensitive data exposure
                                               Denial of service
                                               Internal network scanning
gptkbp:describes                               A vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.
gptkbp:detects                                 Log analysis
                                               Penetration testing
                                               Bug bounty programs
                                               Dynamic application security testing (DAST)
                                               Web application firewalls (WAFs)
gptkbp:exploits                                gptkb:REST_API
                                               File importers
                                               Image uploaders
                                               PDF generators
                                               SSO integrations
                                               URL fetch functionality
gptkbp:firstDescribed                          2002
https://www.w3.org/2000/01/rdf-schema#label    Server-Side Request Forgery (SSRF)
gptkbp:listedOn                                gptkb:OWASP_Top_10
                                               gptkb:CWE-918
gptkbp:mitigatedBy                             Network segmentation
                                               Least privilege principle
                                               Regular security reviews
                                               Disabling unused protocols
                                               Educating developers
                                               Monitoring outbound requests
                                               Patching vulnerable libraries
                                               Using SSRF-specific security tools
                                               Using secure cloud configurations
gptkbp:notableEvent                            Capital One data breach
                                               Microsoft Azure SSRF vulnerabilities
gptkbp:prevention                              Input validation
                                               Allowlisting URLs
                                               Blocking internal IP ranges
                                               Disabling unnecessary network access
                                               Using metadata service protections
gptkbp:relatedTo                               gptkb:Open_Web_Application_Security_Project_(OWASP)
gptkbp:target                                  Cloud metadata services
                                               Internal services
                                               Localhost
                                               Private IP ranges
gptkbp:bfsParent                               gptkb:OWASP_Top_Ten
gptkbp:bfsLayer                                5