Server-Side Request Forgery

⚔️ Attack Types Related 17
slug: ssrf

Explanation

SSRFは「外部からのリクエストを、サーバーが内部ネットワークに転送してしまう」脆弱性です。 たとえば「画像URLを貼って」と言われてWebサービスがそのURLを取りに行く機能で、攻撃者が `http://169.254.169.254/` (AWSの内部メタデータURL) を入れると、AWSの認証情報が漏洩する、というのが典型例。 クラウド時代に特に危険視されている脆弱性です。
📌 Example
Capital One事件 (2019, 1億人の個人情報流出): WAFのSSRF脆弱性経由でAWS認証情報が窃取され、S3バケットから個人情報を全件取られた。

🔖 Related tags

🛡 Vulnerabilities tagged with this 294

ID Title
CVE-2025-56589 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-56589)
CVE-2025-68616 Open Redirect in weasyprint (CVE-2025-68616)
CVE-2025-60898 SSRF (Server-Side Request Forgery) in c (CVE-2025-60898)
CVE-2020-36851 SSRF (Server-Side Request Forgery) in ssrf (CVE-2020-36851)
CVE-2025-5260 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-5260)
CVE-2025-51058 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-51058)
CVE-2024-55399 SSRF (Server-Side Request Forgery) in ssrf (CVE-2024-55399)
CVE-2025-45939 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-45939)
CVE-2025-52163 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-52163)
CVE-2025-51591 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-51591)
CVE-2025-5276 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-5276)
CVE-2025-25827 SSRF (Server-Side Request Forgery) in ssrf (CVE-2025-25827)
CVE-2025-25785 SSRF (Server-Side Request Forgery) in c (CVE-2025-25785)
CVE-2024-55875 Information Disclosure in org.http4k:http4k-format-xml (CVE-2024-55875)
CVE-2024-21527 SSRF (Server-Side Request Forgery) in ssrf (CVE-2024-21527)
CVE-2024-25294 SSRF (Server-Side Request Forgery) in ssrf (CVE-2024-25294)
CVE-2024-22873 SSRF (Server-Side Request Forgery) in ssrf (CVE-2024-22873)
CVE-2023-36088 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-36088)
CVE-2023-35175 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-35175)
CVE-2023-27162 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-27162)
CVE-2023-27163 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-27163)
CVE-2023-27159 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-27159)
CVE-2023-27160 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-27160)
CVE-2023-1725 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-1725)
CVE-2023-25262 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-25262)
CVE-2023-27161 SSRF (Server-Side Request Forgery) in ssrf (CVE-2023-27161)
CVE-2022-45085 SSRF (Server-Side Request Forgery) in ssrf (CVE-2022-45085)
CVE-2021-37498 SSRF (Server-Side Request Forgery) in ssrf (CVE-2021-37498)
CVE-2022-40842 SSRF (Server-Side Request Forgery) in ssrf (CVE-2022-40842)
CVE-2022-38580 Zalando Skipper v0.13.236 is vulnerable to Server-Side Request Forgery (SSRF).

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →