Server-Side Request Forgery (SSRF)
GPTKB entity
Statements (49)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf | gptkb:Web_security_vulnerability |
| gptkbp:abbreviation | SSRF |
| gptkbp:affects | Web applications |
| gptkbp:bypasses | Firewalls |
| gptkbp:bypasses | Access control lists |
| gptkbp:bypasses | Network access controls |
| gptkbp:cause | Remote code execution |
| gptkbp:cause | Sensitive data exposure |
| gptkbp:cause | Denial of service |
| gptkbp:cause | Internal network scanning |
| gptkbp:describes | A vulnerability in which an attacker induces the server-side application to make requests (typically HTTP) to a destination of the attacker's choosing, including hosts the server can reach but the attacker cannot, such as internal services and cloud metadata endpoints. |
| gptkbp:detectedBy | Log analysis |
| gptkbp:detectedBy | Penetration testing |
| gptkbp:detectedBy | Bug bounty programs |
| gptkbp:detectedBy | Dynamic application security testing (DAST) |
| gptkbp:detectedBy | Web application firewalls (WAFs) |
| gptkbp:exploits | gptkb:REST_API |
| gptkbp:exploits | File importers |
| gptkbp:exploits | Image uploaders |
| gptkbp:exploits | PDF generators |
| gptkbp:exploits | SSO integrations |
| gptkbp:exploits | URL fetch functionality |
| gptkbp:firstDescribed | 2002 |
| gptkbp:listedOn | gptkb:OWASP_Top_10 (A10:2021) |
| gptkbp:listedOn | gptkb:CWE-918 |
| gptkbp:mitigatedBy | Network segmentation |
| gptkbp:mitigatedBy | Least privilege principle |
| gptkbp:mitigatedBy | Regular security reviews |
| gptkbp:mitigatedBy | Disabling unused protocols |
| gptkbp:mitigatedBy | Educating developers |
| gptkbp:mitigatedBy | Monitoring outbound requests |
| gptkbp:mitigatedBy | Patching vulnerable libraries |
| gptkbp:mitigatedBy | Using SSRF-specific security tools |
| gptkbp:mitigatedBy | Using secure cloud configurations |
| gptkbp:notableEvent | Capital One data breach (2019) |
| gptkbp:notableEvent | Microsoft Azure SSRF vulnerabilities |
| gptkbp:prevention | Input validation |
| gptkbp:prevention | Allowlisting destination hosts and schemes (preferred over a denylist) |
| gptkbp:prevention | Blocking internal IP ranges (checked against the resolved address; a denylist alone is bypassed by redirects, DNS rebinding and alternate address encodings) |
| gptkbp:prevention | Disabling unnecessary network access |
| gptkbp:prevention | Using metadata service protections (e.g. AWS IMDSv2, which requires a session token obtained via a PUT request) |
| gptkbp:relatedTo | gptkb:Open_Web_Application_Security_Project_(OWASP) |
| gptkbp:target | Cloud metadata services (169.254.169.254) |
| gptkbp:target | Internal services |
| gptkbp:target | Localhost |
| gptkbp:target | Private IP ranges |
| gptkbp:bfsParent | gptkb:OWASP_Top_Ten |
| gptkbp:bfsLayer | 7 |
| https://www.w3.org/2000/01/rdf-schema#label | Server-Side Request Forgery (SSRF) |
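The `describes`, `prevention` and `target` statements above are illustrated by the following added example, which is not part of the GPTKB entry or of any project it cites. It places the vulnerable URL-fetch pattern beside a hardened one: scheme and host allowlist, rejection of userinfo tricks, resolution of every DNS answer and a check of each against loopback, private, link-local and metadata ranges (including IPv4-mapped IPv6 forms), and hand-back of the validated IP so the caller connects to that address rather than re-resolving the name. The host allowlist, the `example.com` names and the DNS answers are hypothetical and constructed so the code runs offline; the resolver is injected as a callable for that reason.

```python
"""Server-Side Request Forgery: the vulnerable fetch pattern beside a hardened one.

Added illustration, not code from any cited project. Assumptions (hypothetical):
the application only needs http/https on ports 80/443 to ALLOWED_HOSTS, and the
DNS resolver is injected so the check can be exercised with constructed answers.
"""
from __future__ import annotations

import ipaddress
import socket
from dataclasses import dataclass
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com", "static.example.com"}

# Cloud metadata endpoints that SSRF is routinely aimed at (real addresses).
METADATA_ADDRESSES = {
    ipaddress.ip_address("169.254.169.254"),  # AWS, GCP and Azure IMDS (IPv4)
    ipaddress.ip_address("fd00:ec2::254"),    # AWS IMDS (IPv6)
}


class SSRFBlocked(ValueError):
    """Raised when a user-supplied URL must not be fetched server-side."""


def fetch_target_unsafe(url: str) -> tuple[str, str | None]:
    """The vulnerable pattern: the handler passes the client's URL straight to an
    HTTP client. Returns the (scheme, host) that would be contacted, unchecked."""
    parts = urlsplit(url)
    return parts.scheme, parts.hostname


def is_internal_address(addr: ipaddress.IPv4Address | ipaddress.IPv6Address) -> bool:
    """True for any address the server can reach but an outsider should not."""
    # ::ffff:127.0.0.1 and similar must be judged by the embedded IPv4 address.
    if isinstance(addr, ipaddress.IPv6Address) and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    return (addr in METADATA_ADDRESSES or addr.is_private or addr.is_loopback
            or addr.is_link_local or addr.is_multicast or addr.is_reserved
            or addr.is_unspecified)


def system_resolve(host: str) -> list[ipaddress.IPv4Address | ipaddress.IPv6Address]:
    """Every A/AAAA answer: one acceptable answer must not hide an internal one."""
    return [ipaddress.ip_address(info[4][0])
            for info in socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)]


@dataclass(frozen=True)
class OutboundRequest:
    host: str        # goes into the Host header / TLS SNI
    connect_to: str  # the address that was actually validated
    port: int
    path: str


def validate_outbound_url(url: str, resolve=system_resolve) -> OutboundRequest:
    """The hardened pattern. The caller must connect to `connect_to`, not re-resolve
    `host` (DNS rebinding), and must disable redirects or re-run this per hop."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise SSRFBlocked(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise SSRFBlocked("userinfo in URL (http://allowed@evil/ trick)")
    host = parts.hostname
    if host is None or host not in ALLOWED_HOSTS:
        raise SSRFBlocked(f"host not on allowlist: {host!r}")
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError as exc:
        raise SSRFBlocked("malformed port") from exc
    if port not in (80, 443):
        raise SSRFBlocked(f"port not allowed: {port}")
    addrs = resolve(host)
    if not addrs:
        raise SSRFBlocked(f"no address for {host!r}")
    internal = [a for a in addrs if is_internal_address(a)]
    if internal:
        raise SSRFBlocked(f"{host!r} resolves to internal address {internal[0]}")
    return OutboundRequest(host, str(addrs[0]), port, parts.path or "/")


def is_safe_url(url: str, resolve=system_resolve) -> bool:
    """Bool wrapper around validate_outbound_url."""
    try:
        validate_outbound_url(url, resolve)
        return True
    except SSRFBlocked:
        return False


# Constructed DNS answers so the example runs offline (hypothetical data).
FAKE_DNS = {
    "images.example.com": ["93.184.216.34"],
    "cdn.example.com": ["10.0.0.5"],                         # allowlisted name now points inside
    "static.example.com": ["2606:2800:220:1:248:1893:25c8:1946", "::ffff:127.0.0.1"],
}


def fake_resolve(host: str):
    return [ipaddress.ip_address(a) for a in FAKE_DNS.get(host.lower(), [])]


if __name__ == "__main__":
    for url in ("https://images.example.com/logo.png",
                "http://169.254.169.254/latest/meta-data/iam/security-credentials/",
                "http://images.example.com@127.0.0.1:8080/admin",
                "https://cdn.example.com/x", "https://static.example.com/",
                "file:///etc/passwd"):
        verdict = "ALLOW" if is_safe_url(url, fake_resolve) else "BLOCK"
        print(f"{verdict}  unsafe would contact {fetch_target_unsafe(url)[1]!r:<22} {url}")
```

The unsafe function accepts the metadata URL and the `user@host` form without complaint; the hardened path blocks both, and also blocks allowlisted names whose current DNS answers include a private or loopback address, which is how a denylist applied to the URL string alone is defeated.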