Risk   Topic                                              Date        Author
High   Fortify SSC 17.10 / 17.20 / 18.10 XXE Injection    14.07.2018  Alt3kx
Low    SPIP 3.1.2 Server Side Request Forgery             20.10.2016  Nicolas CHATELAIN
Low    Google Docs XSPA / SSRF                            10.09.2016  Ashiyane Digital Secur...
Low    Infoware MapSuite Server-Side Request Forgery      04.06.2014  Christian


CVEMAP Search Results

Entries are grouped by publication date; Risk, CVE, vendor and software follow, then the CVE description.

2019-06-11
  Medium  CVE-2019-12153  Vendor: Realobjects  Software: Pdfreactor
          Lack of validation in the HTML parser in RealObjects PDFreactor before 10.1.10722 leads to SSRF, allowing attackers to access network or file resources on behalf of the server by supplying malicious HTML content.

2019-06-05
  Medium  CVE-2019-9187   Vendor: Ikiwiki  Software: Ikiwiki
          ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190226 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
  Medium  CVE-2019-1872   Vendor: Cisco  Software: Telepresence...
          A vulnerability in Cisco TelePresence Video Communication Server (VCS) and Cisco Expressway Series software could allow an unauthenticated, remote attacker to cause an affected system to send arbitrary network requests. The vulnerability is due to improper restrictions on network services in the affected software. An attacker could exploit this vulnerability by sending malicious requests to the affected system. A successful exploit could allow the attacker to send arbitrary network requests sourced from the affected system.

2019-05-29
  Low     CVE-2019-6981   Vendor: Synacor  Software: Zimbra colla...
          Zimbra Collaboration Suite 8.7.x through 8.8.11 allows Blind SSRF in the Feed component.

2019-05-28
  Medium  CVE-2018-17198  Vendor: Apache  Software: Roller
          Server-side Request Forgery (SSRF) and File Enumeration vulnerability in Apache Roller 5.2.1, 5.2.0 and earlier unsupported versions: Roller relies on the Java SAX Parser to implement its XML-RPC interface, and by default that parser supports external entities in the XML DOCTYPE, which opens Roller up to SSRF / File Enumeration. Note that this vulnerability exists even if the Roller XML-RPC interface is disabled via the Roller web admin UI. Mitigation: There are a couple of ways you can fix this vulnerability: 1) Upgrade to the latest version of Roller, which is now 5.2.2; 2) Or, edit the Roller web.xml file and comment out the XML-RPC Servlet mapping as shown below: <!-- <servlet-mapping> <servlet-name>XmlRpcServlet</servlet-name> <url-pattern>/roller-services/xmlrpc</url-pattern> </servlet-mapping> -->

2019-05-23
  Medium  CVE-2017-13667  Vendor: Open-xchange  Software: Open-xchange...
          OX Software GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.
  Low     CVE-2017-15029  Vendor: Open-xchange  Software: Open-xchange...
          Open-Xchange GmbH OX App Suite 7.8.4 and earlier is affected by: SSRF.

2019-05-17
  Low     CVE-2019-12161  Vendor: Webpagetest  Software: Webpagetest
          WPO WebPageTest 19.04 allows SSRF because ValidateURL in www/runtest.php does not consider octal encoding of IP addresses (such as 0300.0250 as a replacement for 192.168).

2019-05-14
  Medium  CVE-2019-6516   Vendor: WSO2  Software: Dashboard server
          An issue was discovered in WSO2 Dashboard Server 2.0.0. It is possible to force the application to perform requests to the internal workstation (port-scanning) and to perform requests to adjacent workstations (network-scanning), aka SSRF.
  Low     CVE-2019-6512   Vendor: WSO2  Software: Api manager
          An issue was discovered in WSO2 API Manager 2.6.0. It is possible to force the application to perform requests to the internal workstation (SSRF port-scanning), other adjacent workstations (SSRF network scanning), or to enumerate files because of the existence of the file:// wrapper.
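The WebPageTest entry (CVE-2019-12161) is one instance of a general SSRF filter bypass: a blocklist matched against the raw host string is defeated by alternative numeric notations that the OS resolver still accepts, such as octal 0300.0250 for 192.168, hex 0x7f.1, or a single 32-bit decimal for 127.0.0.1. The Ikiwiki and WSO2 API Manager entries show the companion problem of file: URLs being accepted. The Python below is an added example, not code from this page or from any of the listed projects. It contrasts a naive prefix blocklist (constructed here to show the bypass; it is not WebPageTest's actual ValidateURL) with a validator that allowlists schemes, canonicalises every inet_aton-style literal before checking it, and rejects private, loopback, link-local and IPv4-mapped addresses. The URLs in the usage section are constructed test inputs.

```python
import ipaddress
import re
from typing import Optional, Tuple
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # file:, gopher:, ftp: etc. are rejected outright


def weak_validate(url: str) -> bool:
    """Naive prefix blocklist on the raw host string (constructed for contrast).

    This is the pattern that octal/hex/decimal literals bypass: "0300.0250.0.1"
    does not start with "192.168." even though the resolver treats it as 192.168.0.1.
    """
    host = urlsplit(url).hostname or ""
    return not host.startswith(("127.", "10.", "192.168.", "169.254.", "localhost"))


def _parse_ipv4_part(part: str) -> int:
    """Parse one dotted component with inet_aton rules: 0x.. hex, 0.. octal, else decimal."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", part):
        return int(part, 16)
    if re.fullmatch(r"0[0-7]*", part):          # "0" and "0300" both land here
        return int(part, 8)
    if re.fullmatch(r"[1-9][0-9]*", part):
        return int(part, 10)
    raise ValueError(part)                       # e.g. "08" is invalid, as in inet_aton


def normalize_ipv4(host: str) -> Optional[str]:
    """Return canonical dotted-quad for any inet_aton-style literal, else None.

    inet_aton accepts 1 to 4 components; the last component fills all remaining bytes,
    so "2130706433" and "0x7f.1" and "017700000001" all mean 127.0.0.1.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        vals = [_parse_ipv4_part(p) for p in parts]
    except ValueError:
        return None
    if any(v > 255 for v in vals[:-1]):
        return None
    remaining = 4 - (len(vals) - 1)              # bytes covered by the last component
    if vals[-1] >= 256 ** remaining:
        return None
    n = 0
    for v in vals[:-1]:
        n = (n << 8) | v
    n = (n << (8 * remaining)) | vals[-1]
    return str(ipaddress.IPv4Address(n))


def resolve_literal(host: str):
    """Return an ipaddress object if host is an IP literal in any notation, else None."""
    try:
        return ipaddress.ip_address(host)        # canonical v4, or v6 incl. ::ffff:127.0.0.1
    except ValueError:
        pass
    v4 = normalize_ipv4(host)
    return ipaddress.IPv4Address(v4) if v4 else None


def is_forbidden_address(addr) -> bool:
    """True for anything that should never be reached on behalf of a user."""
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped                  # unwrap ::ffff:a.b.c.d before classifying
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def validate_url(url: str) -> Tuple[bool, str]:
    """Scheme allowlist plus canonicalised address check. Returns (ok, reason)."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: %r" % parts.scheme
    host = parts.hostname
    if not host:
        return False, "no host"
    addr = resolve_literal(host)
    if addr is None:
        # A DNS name: caller must resolve it and re-run is_forbidden_address on the result.
        return True, "hostname; resolve and re-check before connecting"
    if is_forbidden_address(addr):
        return False, "forbidden address %s" % addr
    return True, "public address %s" % addr


if __name__ == "__main__":
    # Constructed inputs: the octal form from the CVE text, plus hex/decimal/mapped variants.
    for u in ("http://0300.0250.0.1/", "http://0x7f.1/", "http://2130706433/",
              "http://[::ffff:127.0.0.1]/", "file:///etc/passwd", "http://example.com/"):
        print("%-30s weak=%-5s strict=%s" % (u, weak_validate(u), validate_url(u)))
```

The strict validator only classifies literals; a DNS name is returned as provisionally acceptable, and the caller must resolve it, run is_forbidden_address on every returned address, and connect to that pinned address rather than re-resolving, otherwise a rebinding name defeats the check. Redirect targets need the same validation on every hop.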

 

 


Copyright 2019, cxsecurity.com