Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2021-22970 PortlandLabs Concrete Cms 代码问题漏洞 — https://github.com/concrete5/concrete5 9.1 -2021-11-19
CVE-2021-22969 PortlandLabs Concrete Cms 代码问题漏洞 — https://github.com/concrete5/concrete5 4.3 -2021-11-19
CVE-2021-25972 Camaleon CMS - Server-Side Request Forgery (SSRF) in Media Upload Feature — camaleon_cms 4.9 Medium2021-10-20
CVE-2021-32663 Unauthorized setup leads to SSRF in Combodo/iTop — iTop 8.7 High2021-10-19
CVE-2021-22958 Portlandlabs Concrete5 代码问题漏洞 — https://github.com/concrete5/concrete5 9.8 -2021-10-07
CVE-2021-39339 Telefication <= 1.8.0 Open Proxy and Server-Side Request Forgery — Telefication 5.8 Medium2021-09-22
CVE-2021-41084 Response Splitting from unsanitized headers in http4s — http4s 8.7 High2021-09-21
CVE-2021-40438 mod_proxy SSRF — Apache HTTP Server 8.1 -2021-09-16
CVE-2021-33705 SAP Enterprise Portal 代码问题漏洞 — SAP NetWeaver Enterprise Portal 9.3 -2021-09-15
CVE-2021-23029 F5 BIG-IP 代码问题漏洞 — BIG-IP Advanced WAF and BIG-IP ASM 8.1 -2021-09-14
CVE-2021-39195 Server-Side Request Forgery vulnerability in misskey — misskey 7.7 High2021-09-07
CVE-2021-3758 Server-Side Request Forgery (SSRF) in bookstackapp/bookstack — bookstackapp/bookstack 8.1 -2021-09-02
CVE-2021-36043 Magento Commerce Authenticated Blind SSRF Could Lead To Remote Code Execution — Magento Commerce 8.0 High2021-09-01
CVE-2021-28627 Adobe Experience Manager Server-side Request Forgery could lead to Security feature bypass — Experience Manager 5.4 Medium2021-08-24
CVE-2021-37711 Authenticated server-side request forgery in file upload via URL. — platform 8.8 High2021-08-16
CVE-2021-24472 Onair2 < 3.9.9.2 & KenthaRadio < 2.0.2 - Unauthenticated RFI and SSRF — QT KenthaRadio 9.8 -2021-08-02
CVE-2021-24371 RSVPMaker < 8.7.3 - Authenticated (admin+) SSRF — RSVPMaker 2.7 -2021-08-02
CVE-2021-22726 EVlink City、EVlink Parking 和 EVlink Smart Wallbox 代码问题漏洞 — EVlink City (EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1), EVlink Parking (EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1), and EVlink Smart Wallbox (EVB1A all versions prior to R8 V3.4.0.1 ) 9.1 -2021-07-21
CVE-2021-29102 There is a Server-Side Request Forgery (SSRF) vulnerability in Esri ArcGIS Server Manager version 10.8.1 and below. — ArcGIS Server 7.5 -2021-07-11
CVE-2021-32639 Server-Side Request Forgery (SSRF) in emissary:emissary — emissary 7.2 High2021-07-02
CVE-2021-32698 Blind Server-Side Request Forgery (SSRF) in eLabFTW — elabftw 6.8 Medium2021-06-21
CVE-2021-34808 Synology Media Server 代码问题漏洞 — Media Server 5.8 Medium2021-06-18
CVE-2021-34811 Synology Download Station 代码问题漏洞 — Download Station 5.0 Medium2021-06-18
CVE-2021-32682 Multiple vulnerabilities leading to RCE — elFinder 9.8 Critical2021-06-14
CVE-2021-33181 Synology Video Station Video Station 代码问题漏洞 — Synology Video Station 6.6 Medium2021-06-01
CVE-2021-33184 Synology Download Station 代码问题漏洞 — Synology Download Station 7.7 High2021-06-01
CVE-2021-25640 Open Redirect or SSRF vulnerability usage of parseURL — Apache Dubbo 8.2 -2021-05-31
CVE-2020-14328 Red Hat Ansible 代码问题漏洞 — Tower 5.5 -2021-05-27
CVE-2020-14327 Red Hat Ansible 代码问题漏洞 — Tower 5.5 -2021-05-27
CVE-2021-29490 Unauthenticated GET requests through Remote Image endpoints — jellyfin 5.8 Medium2021-05-05

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.