Server-Side Request Forgery (SSRF)
GPTKB entity
Statements (49)
Predicate | Object |
---|---|
gptkbp:instanceOf |
Web security vulnerability
|
gptkbp:abbreviation |
SSRF
|
gptkbp:affects |
Web applications
|
gptkbp:canBeBypassedBy |
Firewalls
Access control lists Network access controls |
gptkbp:cause |
Remote code execution
Sensitive data exposure Denial of service Internal network scanning |
gptkbp:describes |
A vulnerability that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.
|
gptkbp:detects |
Log analysis
Penetration testing Bug bounty programs Dynamic application security testing (DAST) Web application firewalls (WAFs) |
gptkbp:exploits |
gptkb:REST_API
File importers Image uploaders PDF generators SSO integrations URL fetch functionality |
gptkbp:firstDescribed |
2002
|
https://www.w3.org/2000/01/rdf-schema#label |
Server-Side Request Forgery (SSRF)
|
gptkbp:listedOn |
gptkb:OWASP_Top_10
gptkb:CWE-918 |
gptkbp:mitigatedBy |
Network segmentation
Least privilege principle Regular security reviews Disabling unused protocols Educating developers Monitoring outbound requests Patching vulnerable libraries Using SSRF-specific security tools Using secure cloud configurations |
gptkbp:notableEvent |
Capital One data breach
Microsoft Azure SSRF vulnerabilities |
gptkbp:prevention |
Input validation
Allowlisting URLs Blocking internal IP ranges Disabling unnecessary network access Using metadata service protections |
gptkbp:relatedTo |
gptkb:Open_Web_Application_Security_Project_(OWASP)
|
gptkbp:target |
Cloud metadata services
Internal services Localhost Private IP ranges |
gptkbp:bfsParent |
gptkb:OWASP_Top_Ten
|
gptkbp:bfsLayer |
5
|