Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
SAML Consumer Service External Dereference SSRF - Vulnerability Database

SAML Consumer Service External Dereference SSRF

Description

The web application uses SAML. The web application's SAML Consumer Service allows referencing to remote servers/local files (using KeyInfo RetrievalMethod and other methods). An unauthenticated attacker may be able to use it in order to read arbitrary files on the server or send requests to other servers (SSRF).

Remediation

Disable dereferencing for external resources

References

Ping'ing XMLSec
XML Signature Syntax and Processing Version 2.0
XML Signature Best Practices

Related Vulnerabilities

Reverse proxy misrouting through HTTP/2 pseudo-headers (SSRF) Medium
Common tags: Acumonitor SSRF Api Ssrf
Auxiliary systems SSRF High
Common tags: Acumonitor SSRF Api Ssrf
HTTP/2 pseudo-header server side request forgery High
Common tags: Acumonitor SSRF Api Ssrf
Unvalidated JWT jku parameter High
Common tags: Acumonitor SSRF Api Ssrf
SAML Consumer Service XSLT injection High
Common tags: Acumonitor SSRF Api Ssrf

Severity

Medium

Classification

CWE-918
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Tags

Acumonitor
SSRF
Api Ssrf