Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-918 (服务端请求伪造(SSRF)) — Vulnerability Class 1540

1540 vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)). AI Chinese analysis included.

CWE-918, Server-Side Request Forgery, is a critical web security weakness where an application allows users to specify URLs that the server subsequently fetches without adequate validation. Attackers typically exploit this by manipulating input parameters to force the server to access internal resources, such as cloud metadata services or local network endpoints, which are otherwise inaccessible from the outside. This bypasses perimeter defenses, potentially leading to sensitive data exposure or internal network reconnaissance. To mitigate SSRF, developers must implement strict input validation, ensuring that only whitelisted domains and protocols are permitted. Additionally, employing network-level controls like firewalls to restrict outbound connections from the application server and isolating internal services from public-facing interfaces significantly reduces the attack surface, preventing unauthorized internal access.

MITRE CWE Description
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
Common Consequences (3)
ConfidentialityRead Application Data
IntegrityExecute Unauthorized Code or Commands
Access ControlBypass Protection Mechanism
By providing URLs to unexpected hosts or ports, attackers can make it appear that the server is sending the request, possibly bypassing access controls such as firewalls that prevent the attackers from accessing the URLs directly. The server can be used as a proxy to conduct port scanning of hosts i…
Examples (1)
This code intends to receive a URL from a user, access the URL, and return the results to the user.
$url = $_GET['url']; # User-controlled input # Fetch the content of the provided URL $response = file_get_contents($url); echo $response;
Bad · PHP
# Define allowed URLs (or domains) $allowed_urls = [ 'https://example.com/data.json', 'https://api.example.com/info', ]; # Get the user-provided URL $url = $_GET['url'] ?? ''; # Validate against allowed URLs if (!in_array($url, $allowed_urls)) { http_response_code(400); echo "Invalid or unauthorized URL."; exit; } # Fetch content safely $response = @file_get_contents($url); if ($response === false) { http_response_code(500); echo "Failed to fetch content."; exit; } echo htmlspecialchars($response); # Escape output for safety
Good · PHP
CVE IDTitleCVSSSeverityPublished
CVE-2021-27905 SSRF vulnerability with the Replication handler — Apache Solr 9.1 -2021-04-13
CVE-2021-24150 Like Button Rating < 2.6.32 - Unauthenticated Full-Read SSRF — Like Button Rating ♥ LikeBtn 7.5 -2021-04-05
CVE-2021-22696 OAuth 2 authorization service vulnerable to DDos attacks — Apache CXF 9.1 -2021-04-02
CVE-2020-12529 MB CONNECT LINE mymbCONNECT24e 代码问题漏洞 — mymbCONNECT24 5.8 Medium2021-03-02
CVE-2021-21311 SSRF in adminer — adminer 7.2 High2021-02-11
CVE-2021-21288 Server-side request forgery in CarrierWave — carrierwave 4.3 Medium2021-02-08
CVE-2021-21287 Server-Side Request Forgery in MinIO Browser API — minio 7.7 High2021-02-01
CVE-2021-1272 Cisco Data Center Network Manager Server-Side Request Forgery Vulnerability — Cisco Data Center Network Manager 8.8 High2021-01-20
CVE-2021-21009 Server-side request forgery (SSRF) in Campaign Classic could lead to sensitive information disclosure — Campaign 8.6 High2021-01-13
CVE-2020-26258 Server-Side Forgery Request can be activated unmarshalling with XStream — xstream 6.3 Medium2020-12-16
CVE-2020-10770 红帽 Red Hat Keycloak 代码问题漏洞 — keycloak 5.3 -2020-12-15
CVE-2020-17513 Apache Airflow 代码问题漏洞 — Apache Airflow 5.3 -2020-12-14
CVE-2020-24444 Blind SSRF in Forms add-on for AEM — Experience Manager 5.8 Medium2020-12-10
CVE-2020-7329 Server-Side Request Forgery (SSRF) in MVISION Endpoint ePO extension — MVISION Endpoint ePO extension 7.2 High2020-11-11
CVE-2020-7328 Server-Side Request Forgery (SSRF) in MVISION Endpoint ePO extension — MVISION Endpoint ePO extension 7.2 High2020-11-11
CVE-2020-15297 Bitdefender Endpoint Security Tool 代码问题漏洞 — Bitdefender Update Server 7.1 High2020-11-09
CVE-2020-17386 Cellopoint CelloOS - Server-Side Request Forgery (SSRF) — CelloOS 6.5 Medium2020-08-25
CVE-2020-15152 Server-Side Request Forgery in ftp-srv — ftp-srv 9.1 Critical2020-08-17
CVE-2020-8205 uppy npm package 代码问题漏洞 — uppy 7.5 -2020-07-20
CVE-2020-8555 Kubernetes kube-controller-manager SSRF — Kubernetes 6.3 Medium2020-06-04
CVE-2020-8138 Nextcloud server 代码问题漏洞 — Nextcloud Server 7.5 -2020-03-20
CVE-2020-8134 Ghost CMS 代码问题漏洞 — Ghost 7.5 -2020-03-20
CVE-2020-8135 uppy npm package 代码问题漏洞 — uppy 7.5 -2020-03-20
CVE-2020-8118 Nextcloud 代码问题漏洞 — Nextcloud Server 7.7 -2020-02-04
CVE-2019-6837 多款Schneider Electric产品代码问题漏洞 — U.motion Server 9.1 -2019-09-17
CVE-2019-11897 Server-side request forgery in the backup & restore functionality of ProSyst mBS SDK and Bosch IoT Gateway Software — IoT Gateway Software 7.5 -2019-08-21
CVE-2019-7616 Elasticsearch Kibana 代码问题漏洞 — Kibana 4.9 -2019-07-30
CVE-2019-1872 Cisco TelePresence Video Communication Server and Cisco Expressway Series Server-Side Request Forgery Vulnerability — Cisco TelePresence Video Communication Server (VCS) 5.3 -2019-06-05
CVE-2019-1679 Cisco TelePresence Conductor, Cisco Expressway Series, and Cisco TelePresence Video Communication Server REST API Server-Side Request Forgery Vulnerability — Cisco TelePresence Conductor 5.0 -2019-02-07
CVE-2018-7516 Geutebrück G-Cam/EFD-2250和Topline TopFD-2125 安全漏洞 — Geutebr&#195;&#188;ck G-Cam/EFD-2250 (part n&#194;&#176; 5.02024) firmware and Topline TopFD-2125 (part n&#194;&#176; 5.02820) firmware 7.3 -2018-03-22

Vulnerabilities classified as CWE-918 (服务端请求伪造(SSRF)) represent 1540 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.