Security Test: SSRF Injection in headers¶
Description¶
Default Severity:
SSRF injection in headers happens when a web app fetches a remote resource using a URL supplied by a user without checking it properly. An attacker can then trick the system into making requests to unintended destinations, like internal systems or services behind a firewall. This can expose internal APIs, lead to data breaches, or even be a pathway to further attacks. Developers often overlook proper input validation or rely too much on network boundaries for security, which can leave these vulnerabilities open.
Configuration¶
Identifier:
request_forgery/ssrf_header
Examples¶
All configuration available:
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API10:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 6.5.1 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.14.2 |
| NIST | SP800-53 |
| FedRAMP | AC-4 |
| CWE | 918 |
| CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| CVSS Score | 7.3 |