Security Test: SSRF Injection in headers via Frontend¶
Scanner(s) Support¶
| GraphQL Scanner | REST Scanner | Frontend Scanner |
|---|---|---|
Description¶
Default Severity:
When a web app uses a URL provided in headers without checking it, it can be tricked into requesting resources that might be hidden on internal networks, such as sensitive APIs or services behind a firewall. This vulnerability occurs because developers sometimes assume that data coming through headers is safe or rely too much on network boundaries to protect internal systems. The risk is that an attacker can manipulate these URLs to access confidential information, perform internal scans, or even use the server as a stepping stone for further attacks. Keeping an eye on input validation and not relying solely on network segmentation for security can help prevent these types of issues.
Configuration¶
Identifier:
frontend_request_forgery/ssrf_header
Examples¶
All configuration available:
Compliance and Standards¶
| Standard | Value |
|---|---|
| OWASP API Top 10 | API10:2023 |
| OWASP LLM Top 10 | LLM06:2023 |
| PCI DSS | 6.5.1 |
| GDPR | Article-32 |
| SOC2 | CC1 |
| PSD2 | Article-95 |
| ISO 27001 | A.14.2 |
| NIST | SP800-53 |
| FedRAMP | AC-4 |
| CWE | 918 |
| CVSS Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
| CVSS Score | 7.3 |