SERVER SIDE REQUEST FORGERY

Feature      Value
Type         Detection/Protection
Risk         Other
Covered by   Agent

Server Side Request Forgery (SSRF) vulnerabilities let an attacker make the back-end server of a vulnerable web application send crafted requests on the attacker's behalf. Attackers typically use SSRF to reach internal systems that sit behind firewalls and are not reachable from the external network. An attacker may also leverage SSRF to reach services bound to the loopback interface (127.0.0.1) of the exploited server.

SSRF vulnerabilities occur when an attacker has full or partial control over a request that the web application sends. A common example is a web application that lets the user supply the URL of a third-party service and then makes a request to that URL.

How to solve it

Hdiv is able to detect an SSRF vulnerability, which is a form of Injection. When the vulnerability is present, Hdiv can protect against attacks by using a whitelist-based approach.

Whitelist Configuration

The Hdiv agent sends the Hdiv Console every distinct target used in vulnerable SSRF calls. All those targets are stored in the web console, which makes it easy to build a whitelist from them. Once the whitelist is created, the Hdiv agent only allows outbound requests whose target is on the whitelist and has been validated against SSRF.

The main features of this policy are that it is transparent (no additional information is required), easily updated, and whitelist-based.
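The two-phase workflow described above (collect the targets the application actually requests, then enforce a whitelist of those targets) can be illustrated with a small example. The code below is an added illustration written for this page; it is not Hdiv's own code and makes no claim about how the Hdiv agent or console is implemented. The whitelist `ALLOWED_TARGETS`, the hosts in it, and the function names are assumptions made for the example. It deliberately rejects literal IP addresses (loopback and private ranges are the classic SSRF targets), URLs carrying credentials, and schemes not approved for a host; a real deployment would additionally check the addresses a hostname resolves to, which is left out here so the example runs offline.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed whitelist for the example: host -> schemes this application may use
# to reach it. In the page's workflow this list is built from the targets
# recorded during the detection phase and reviewed by an operator.
ALLOWED_TARGETS = {
    "api.payments.example": {"https"},
    "images.cdn.example": {"https", "http"},
}


class SsrfBlocked(Exception):
    """Raised when an outbound request target is not permitted."""


def record_targets(observed_urls):
    """Detection phase: summarise the targets the application actually
    requested as host -> set of schemes, ready for whitelist review.
    Input here is a constructed list of URLs, not real traffic."""
    seen = {}
    for url in observed_urls:
        parts = urlsplit(url)
        if parts.hostname:
            seen.setdefault(parts.hostname, set()).add(parts.scheme.lower())
    return seen


def validate_outbound_url(url, allowlist=ALLOWED_TARGETS):
    """Protection phase: return the URL if its target is whitelisted,
    otherwise raise SsrfBlocked. Only the host and scheme are checked
    against the whitelist; the path is left to the application."""
    parts = urlsplit(url)
    host = parts.hostname  # lower-cased, userinfo/port stripped, IPv6 brackets removed
    if host is None:
        raise SsrfBlocked("URL has no host: %r" % url)
    # "user@host" forms let a whitelisted name appear before the real host.
    if parts.username is not None or parts.password is not None:
        raise SsrfBlocked("credentials in URL are not allowed")
    # Literal addresses are never whitelisted: loopback, private and
    # link-local ranges are exactly what SSRF is used to reach.
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass
    else:
        raise SsrfBlocked("literal IP address %s is not allowed" % host)
    allowed_schemes = allowlist.get(host)
    if allowed_schemes is None:
        raise SsrfBlocked("host %s is not whitelisted" % host)
    if parts.scheme.lower() not in allowed_schemes:
        raise SsrfBlocked("scheme %s not allowed for %s" % (parts.scheme, host))
    return url


def is_allowed(url, allowlist=ALLOWED_TARGETS):
    """Boolean wrapper around validate_outbound_url for callers that
    prefer a decision over an exception."""
    try:
        validate_outbound_url(url, allowlist)
        return True
    except SsrfBlocked:
        return False


if __name__ == "__main__":
    # Constructed sample of URLs the application was observed requesting.
    observed = [
        "https://api.payments.example/charge",
        "http://images.cdn.example/logo.png",
        "https://images.cdn.example/banner.png",
    ]
    for host, schemes in sorted(record_targets(observed).items()):
        print("observed target:", host, sorted(schemes))
    for candidate in [
        "https://api.payments.example/charge",
        "https://127.0.0.1/admin",
        "https://api.payments.example@127.0.0.1/",
    ]:
        print(candidate, "->", "allowed" if is_allowed(candidate) else "blocked")
```

The exact-host match is the point of the whitelist: a substring or suffix check would let a look-alike name through, and comparing `parts.hostname` rather than the raw `netloc` means port numbers and userinfo cannot disguise the real target.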