Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
HTTP/2 pseudo-header server side request forgery - Vulnerability Database

HTTP/2 pseudo-header server side request forgery

Description

SSRF as in Server Side Request Forgery is a vulnerability that allows an attacker to force server interfaces into sending packets initiated by the victim server to the local interface or to another server behind the firewall. Consult Web References for more information about this problem.

Remediation

Properly sanitize user requests or use a special sandboxed host to route requests to remote resources

References

HTTP/2: The Sequel is Always Worse
Weird proxies/2 and a bit of magic
SSRF VS. BUSINESS-CRITICAL APPLICATIONS

Related Vulnerabilities

Reverse proxy misrouting through HTTP/2 pseudo-headers (SSRF) Medium
Common tags: SSRF Acumonitor API SSRF
Auxiliary systems SSRF High
Common tags: SSRF Acumonitor API SSRF
Unvalidated JWT jku parameter High
Common tags: SSRF Acumonitor API SSRF
SAML Consumer Service External Dereference SSRF Medium
Common tags: SSRF Acumonitor API SSRF
SAML Consumer Service XSLT injection High
Common tags: SSRF Acumonitor API SSRF

Severity

High

Classification

CWE-918
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Tags

SSRF
Acumonitor
API SSRF