Attacks & Threats
Server-Side Request Forgery (SSRF)
Also known as: SSRF
Definition
A web vulnerability that allows an attacker to coerce a server into making HTTP or other network requests on their behalf, often against internal systems.
Server-Side Request Forgery (SSRF) arises when a server fetches a remote resource from a URL the user controls without proper validation. Because the request originates from the server, it carries the server's network position: an attacker can reach internal services the internet cannot, such as cloud metadata endpoints, admin consoles and databases, and use them to read sensitive data, scan ports, or trigger remote code execution. SSRF is especially severe in cloud environments, where the instance metadata service can return temporary credentials for the instance's role. Defences include allowlisting outbound destinations; resolving the hostname and rejecting any resolved address in loopback, link-local or private ranges (checking only the hostname string misses alternate IP encodings, DNS tricks and redirects); disabling unused URL schemes such as file:// and gopher://; requiring authentication for internal services; and enforcing IMDSv2 in AWS, or its equivalent in other clouds, which requires a session token obtained with a PUT request that a simple GET-based SSRF cannot make.
Examples
- An attacker abuses an image-import feature to fetch http://169.254.169.254/ and steal cloud instance credentials.
- An SSRF in a webhook endpoint is used to scan internal databases that are otherwise unreachable from the internet.
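The following Python validator is an added example, not code from the original page. It applies the defences described above to a "fetch this URL" feature of the kind abused in the examples: a scheme allowlist, rejection of userinfo, an optional hostname allowlist, a check of every resolved address (including IPv4-mapped IPv6 forms) against loopback, link-local and private ranges, and hop-by-hop re-validation of redirects so an allowed host cannot bounce the server to 169.254.169.254. The hostnames, the DNS table and the HTTP responses are constructed so the demo runs offline; none of them is real infrastructure, and the resolver is injectable for that reason.

```python
import ipaddress
import socket
from urllib.parse import urljoin, urlsplit

ALLOWED_SCHEMES = {"http", "https"}        # file://, gopher://, dict:// etc. stay off
REDIRECT_STATUSES = {301, 302, 303, 307, 308}

# Addresses a server-side fetcher must never reach, whatever hostname produced them:
# "this network", RFC 1918, CGNAT, loopback, link-local (169.254.169.254 lives here),
# multicast, and the IPv6 unspecified/loopback/ULA/link-local/multicast equivalents.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


def is_blocked_ip(ip_str):
    """True if ip_str (v4, v6, or IPv4-mapped v6 such as ::ffff:10.0.0.1) is internal."""
    ip = ipaddress.ip_address(ip_str)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                  # unwrap so the IPv4 block list applies
    return any(ip in net for net in BLOCKED_NETWORKS)


def resolve_all(hostname):
    """Default resolver: every A and AAAA record, since one host can map to several."""
    return {info[4][0] for info in socket.getaddrinfo(hostname, None)}


def validate_outbound_url(url, allowed_hosts=None, resolver=resolve_all):
    """Return (ok, reason). Rejects bad schemes, userinfo, hosts outside the
    optional allowlist, and any host with even one internal resolved address."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo not allowed"   # http://trusted.host@10.0.0.5/ confusion
    host = parts.hostname                     # lower-cased, IPv6 brackets removed
    if not host:
        return False, "missing host"
    if allowed_hosts is not None and host not in allowed_hosts:
        return False, f"host {host!r} not in allowlist"
    try:
        addresses = {str(ipaddress.ip_address(host))}   # literal IP: no lookup needed
    except ValueError:
        try:
            addresses = resolver(host)
        except socket.gaierror:
            return False, f"host {host!r} does not resolve"
    if not addresses:
        return False, f"host {host!r} has no addresses"
    for addr in addresses:
        if is_blocked_ip(addr):
            return False, f"host {host!r} resolves to blocked address {addr}"
    return True, "ok"


def fetch_validating_each_hop(url, fetch_one, allowed_hosts=None,
                              resolver=resolve_all, max_redirects=3):
    """fetch_one(url) -> (status, headers, body) and must not follow redirects
    itself; each Location target is re-validated before it is requested."""
    for _ in range(max_redirects + 1):
        ok, reason = validate_outbound_url(url, allowed_hosts, resolver)
        if not ok:
            raise PermissionError(f"refusing {url}: {reason}")
        status, headers, body = fetch_one(url)
        if status in REDIRECT_STATUSES and "Location" in headers:
            url = urljoin(url, headers["Location"])
            continue
        return body
    raise PermissionError("too many redirects")


# --- constructed fixtures for an offline demo; none of this is real infrastructure ---
FAKE_DNS = {
    "images.example.com": {"203.0.113.10"},
    "partner.example.com": {"203.0.113.20", "10.0.0.5"},  # one public, one internal record
    "localhost": {"127.0.0.1", "::1"},
}
FAKE_HTTP = {
    "https://images.example.com/logo.png": (200, {}, b"\x89PNG..."),
    "https://images.example.com/go": (302, {"Location": "http://169.254.169.254/latest/meta-data/"}, b""),
}


def fake_resolver(hostname):
    if hostname not in FAKE_DNS:
        raise socket.gaierror(f"constructed NXDOMAIN for {hostname}")
    return FAKE_DNS[hostname]


def fake_fetch_one(url):
    return FAKE_HTTP.get(url, (404, {}, b""))


if __name__ == "__main__":
    # Even with no allowlist, the resolved-address and scheme checks stop all of these.
    for u in ("http://169.254.169.254/latest/meta-data/", "http://[::ffff:169.254.169.254]/",
              "http://localhost:8080/admin", "https://partner.example.com/api",
              "file:///etc/passwd", "http://images.example.com@10.0.0.5/"):
        print(u, "->", validate_outbound_url(u, None, fake_resolver))
    allow = {"images.example.com"}
    print(fetch_validating_each_hop("https://images.example.com/logo.png", fake_fetch_one, allow, fake_resolver))
    try:
        fetch_validating_each_hop("https://images.example.com/go", fake_fetch_one, allow, fake_resolver)
    except PermissionError as e:
        print("redirect hop blocked:", e)
```

Two caveats a practitioner should keep in mind. First, the check resolves the name and the HTTP library resolves it again when connecting, so a DNS-rebinding attacker who returns a public address to the first lookup and 169.254.169.254 to the second slips through; in production, connect to the address you validated (setting the Host header and TLS SNI yourself) or perform the check inside the HTTP client's connection hook. Second, alternate encodings such as a decimal IPv4 address (`http://2852039166/`) are not literal IPs to `ipaddress` and so go to the resolver, where glibc happily turns them into 169.254.169.254; that is exactly why the decision is made on resolved addresses rather than on the hostname string.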
Related terms
Cross-Site Request Forgery (CSRF)
A web attack that forces an authenticated user's browser to send unwanted requests to a vulnerable site, causing state-changing actions without consent.
Cloud Misconfiguration
Cloud Misconfiguration — definition coming soon.
Input Validation
Input Validation — definition coming soon.
Open Redirect
Open Redirect — definition coming soon.
OWASP Top 10
OWASP Top 10 — definition coming soon.
IAM Misconfiguration
IAM Misconfiguration — definition coming soon.