CWE-918 - Server-Side Request Forgery (SSRF)


The web server receives a URL from an upstream component and retrieves its contents. With this weakness present, the server cannot guarantee that the request is sent to the proper destination.
When attackers supply URLs that point to unexpected hosts or ports, the server sends the requests on their behalf, which can bypass access controls on those URLs. The web server can also act as a proxy, used for port scanning of hosts in internal networks and for reaching additional websites or protocols, which gives access to documents and control over the contents of requests.
The vulnerability mainly affects the integrity and confidentiality of data and allows attackers not only to steal data but also to perform unauthorized actions.
The weakness is introduced during the Architecture and Design and Implementation stages.

