Vulnerabilities > Server-Side Request Forgery (SSRF)
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-16 | CVE-2017-5643 | Server-Side Request Forgery (SSRF) vulnerability in Apache Camel Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE. | 7.4 |
| 2017-03-16 | CVE-2017-5617 | Server-Side Request Forgery (SSRF) vulnerability in multiple products The SVG Salamander (aka svgSalamander) library, when used in a web application, allows remote attackers to conduct server-side request forgery (SSRF) attacks via an xlink:href attribute in an SVG file. | 7.4 |
| 2017-03-03 | CVE-2015-8813 | Server-Side Request Forgery (SSRF) vulnerability in Umbraco The Page_Load function in Umbraco.Web/umbraco.presentation/umbraco/dashboard/FeedProxy.aspx.cs in Umbraco before 7.4.0 allows remote attackers to conduct server-side request forgery (SSRF) attacks via the url parameter. | 4.3 |
| 2017-02-01 | CVE-2016-6001 | Server-Side Request Forgery (SSRF) vulnerability in IBM Forms Experience Builder 8.5/8.5.1/8.6.0 IBM Forms Experience Builder could be susceptible to a server-side request forgery (SSRF) from the application design interface allowing for some information disclosure of internal resources. | 3.5 |
| 2017-01-31 | CVE-2016-9417 | Server-Side Request Forgery (SSRF) vulnerability in Mybb Merge System and Mybb The fetch_remote_file function in MyBB (aka MyBulletinBoard) before 1.8.8 and MyBB Merge System before 1.8.8 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. | 5.8 |
| 2017-01-31 | CVE-2016-6621 | Server-Side Request Forgery (SSRF) vulnerability in PHPmyadmin The setup script for phpMyAdmin before 4.0.10.19, 4.4.x before 4.4.15.10, and 4.6.x before 4.6.6 allows remote attackers to conduct server-side request forgery (SSRF) attacks via unspecified vectors. | 5.0 |
| 2017-01-18 | CVE-2016-7999 | Server-Side Request Forgery (SSRF) vulnerability in Spip ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to conduct server side request forgery (SSRF) attacks via a URL in the var_url parameter in a valider_xml action. | 4.3 |
| 2017-01-17 | CVE-2017-5518 | Server-Side Request Forgery (SSRF) vulnerability in Metalgenix Genixcms The media-file upload feature in GeniXCMS through 0.0.8 allows remote attackers to conduct SSRF attacks via a URL, as demonstrated by a URL with an intranet IP address. | 4.3 |
| 2016-12-15 | CVE-2016-4046 | Server-Side Request Forgery (SSRF) vulnerability in Open-Xchange Appsuite An issue was discovered in Open-Xchange OX App Suite before 7.8.1-rev11. | 5.0 |
| 2016-12-01 | CVE-2016-9752 | Server-Side Request Forgery (SSRF) vulnerability in S9Y Serendipity In Serendipity before 2.0.5, an attacker can bypass SSRF protection by using a malformed IP address (e.g., http://127.1) or a 30x (aka Redirection) HTTP status code. | 5.0 |