| Property | Value |
| --- | --- |
| Language | java |
| Severity | medium |
| CWE | CWE-918: Server-Side Request Forgery (SSRF) |
| OWASP | A10:2021 - Server-Side Request Forgery (SSRF) |
| Confidence Level | Medium |
| Impact Level | Medium |
| Likelihood Level | Medium |

Description

User input is being used to set the host part of a URL in server-side code, allowing attackers to control where requests are sent. This can let untrusted users cause your server to connect to arbitrary addresses.
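The flagged pattern next to a hardened form, as an added example that is not part of the original rule documentation. The class name `ReportFetcher`, the `example.internal` hostnames, the `/v1/report` path and the region keys are hypothetical.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Map;

public class ReportFetcher {

    // Hypothetical allowlist: client-facing key -> fixed backend host.
    private static final Map<String, String> BACKENDS = Map.of(
            "eu", "reports-eu.example.internal",
            "us", "reports-us.example.internal");

    // Flagged pattern: a request parameter becomes the host part of the URL,
    // so the caller decides where the server connects.
    static URI buildUnsafe(String hostParam) {
        return URI.create("https://" + hostParam + "/v1/report");
    }

    // Hardened: the caller only selects a key. The host is looked up
    // server-side and never taken from the request.
    static URI buildSafe(String regionKey) throws URISyntaxException {
        String host = BACKENDS.get(regionKey);
        if (host == null) {
            throw new IllegalArgumentException("unknown region key");
        }
        // The multi-argument constructor sets each URI component separately,
        // so nothing in the input can be reinterpreted as another component.
        return new URI("https", null, host, 443, "/v1/report", null, null);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample inputs.
        String untrustedHost = "other-host.example";
        String regionKey = "eu";

        System.out.println("unsafe host: " + buildUnsafe(untrustedHost).getHost());
        System.out.println("safe URI:    " + buildSafe(regionKey));

        try {
            // A hostname supplied where a key is expected is rejected.
            buildSafe(untrustedHost);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected:    " + e.getMessage());
        }
    }
}
```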

Impact

If exploited, attackers could make your server send requests to malicious or internal systems (SSRF), potentially exposing sensitive data or credentials, or enabling attacks against internal infrastructure. This can lead to data leaks, unauthorized access, or compromise of internal services.