SSRF Injection in headers
Description
SSRF flaws occur whenever a web application fetches a remote resource without validating the user-supplied URL. This allows an attacker to coerce the application into sending a crafted request to an unexpected destination, even when that destination is protected by a firewall, VPN, or another type of network access control list (ACL). In this variant the attacker-controlled value reaches the URL through a request header rather than a body or query parameter.
Remediation
How to prevent:
- Segment remote resource access functionality in separate networks to reduce the impact of SSRF.
- Sanitize and validate all client-supplied input data.
- Enforce the URL schema, port, and destination with a positive allow list.
- Disable HTTP redirections.
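As an added illustration of the allow-list and no-redirect remediations above (example code written for this page, not part of Escape's check or of any framework listed below; the header name X-Callback-Host and the allowed destinations are constructed):

```python
import urllib.request
from urllib.parse import urlsplit

# Positive allow list of (host, port) the application may reach, plus the only
# scheme it may use. Constructed example values, not taken from the page.
ALLOWED_SCHEMES = {"https"}
ALLOWED_DESTINATIONS = {("api.internal.example", 443), ("cdn.example", 443)}


def validate_outbound_url(url: str) -> str:
    """Return url unchanged if scheme, host and port are allow-listed; raise ValueError otherwise."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"scheme not allowed: {parts.scheme!r}")
    # Reject userinfo ("https://allowed-host@other-host/") and empty hosts: the
    # allow-listed name must be the real authority, not a credential prefix.
    if parts.username is not None or parts.password is not None or not parts.hostname:
        raise ValueError("userinfo or missing host in URL")
    try:
        port = parts.port or {"https": 443, "http": 80}[scheme]
    except ValueError:  # non-numeric or out-of-range port
        raise ValueError("invalid port")
    host = parts.hostname.lower().rstrip(".")
    if (host, port) not in ALLOWED_DESTINATIONS:
        raise ValueError(f"destination not allowed: {host}:{port}")
    return url


def is_allowed_url(url: str) -> bool:
    """Boolean wrapper around validate_outbound_url for callers that just need a verdict."""
    try:
        validate_outbound_url(url)
        return True
    except ValueError:
        return False


def build_callback_url(headers: dict) -> str:
    """Build the URL the app fetches from a client header, then validate it."""
    # Constructed pattern: the app derives a fetch target from X-Callback-Host.
    # The allow list, not the header, decides where the request may go.
    host = headers.get("X-Callback-Host", "api.internal.example")
    return validate_outbound_url(f"https://{host}/notify")


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # Returning None makes urlopen raise HTTPError on 3xx instead of following
    # it, so an allow-listed host cannot bounce the request to another one.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_validated(url: str, timeout: float = 5.0) -> bytes:
    """Fetch only after validation, with HTTP redirections disabled."""
    opener = urllib.request.build_opener(_NoRedirect)
    with opener.open(validate_outbound_url(url), timeout=timeout) as resp:
        return resp.read()
```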
REST Specific
Framework-specific remediation is provided for:
- Asp_net
- Ruby_on_rails
- Next_js
- Laravel
- Express_js
- Django
- Symfony
- Spring_boot
- Flask
- Nuxt
- Fastapi
Configuration
Identifier: request_forgery/ssrf_header
Examples
Ignore this check
checks:
  request_forgery/ssrf_header:
    skip: true
Score
- Escape Severity: LOW
Compliance
OWASP: API10:2023
pci: 6.5.1
gdpr: Article-32
soc2: CC1
psd2: Article-95
iso27001: A.14.2
nist: SP800-53
fedramp: AC-4
Classification
- CWE: 918
Score
- CVSS_VECTOR: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
- CVSS_SCORE: 7.3