Home / Vulnerability Database / Kotlin : Server-Side Request Forgery (SSRF)
Kotlin
Kotlin : Server-Side Request Forgery (SSRF)
Classification
OWASP Top 10 2013
OWASP Top 10 2017
OWASP Top 10 2021
OWASP MASVS
PCI DSS 4.0
HIPAA
CWE/SANS Top 25 2021
Overview
Server-Side Request Forgery (SSRF) is possible.
A Server Side Request Forgery (SSRF) vulnerability allows an attacker to change a parameter used by the web application to create or manage requests from a vulnerable server.
When the manipulated request goes to the server, the server-side code picks up the manipulated URL and tries to read data to the manipulated URL. By selecting target URLs the attacker may be able to read data from services that are not directly exposed on the internet:
- Cloud server meta-data
- Database HTTP interfaces
- Internal REST interfaces
- Files (using file:// URIs)
References
- CWE-918: Server-Side Request Forgery (SSRF)
- OWASP: Server Side Request Forgery
- Top 10 2013-A1-Injection
- Top 10-2017 A1-Injection
- What is the Server Side Request Forgery Vulnerability & How to Prevent It?
- StackOverFlow: ImageIO.read() returns 403 error
- CWE CATEGORY: OWASP Top Ten 2017 Category A1 - Injection
MEDIUM
DerScanner Severity Score
Do you want to fix Kotlin : Server-Side Request Forgery (SSRF) in your application?
See also
Kotlin
Kotlin : Missing required cryptographic step
Kotlin
Kotlin : Logging into system output
Kotlin