Server Side Request Forgery

GPTKB entity

Statements (23)
| Predicate | Object |
| --- | --- |
| gptkbp:instanceOf | Web security vulnerability |
| gptkbp:abbreviation | SSRF |
| gptkbp:affects | Web applications |
| gptkbp:cause | Remote code execution |
| gptkbp:cause | Sensitive data exposure |
| gptkbp:cause | Internal network access |
| gptkbp:describedBy | gptkb:OWASP_Top_Ten |
| gptkbp:describedBy | gptkb:CWE-918 |
| gptkbp:detects | Security testing tools |
| gptkbp:detects | Web application firewalls |
| gptkbp:exploits | Server trust in user-supplied URLs |
| gptkbp:firstAppearance | Early 2000s |
| https://www.w3.org/2000/01/rdf-schema#label | Server Side Request Forgery |
| gptkbp:mitigatedBy | Input validation |
| gptkbp:mitigatedBy | Allow-listing URLs |
| gptkbp:mitigatedBy | Disabling unnecessary URL schemes |
| gptkbp:relatedTo | gptkb:Cross-Site_Request_Forgery |
| gptkbp:relatedTo | Open redirect vulnerability |
| gptkbp:target | Cloud infrastructure |
| gptkbp:target | Internal APIs |
| gptkbp:target | Metadata services |
| gptkbp:bfsParent | gptkb:OWASP_API_Security_Top_10 |
| gptkbp:bfsLayer | 7 |