API Security Blog

Server-side Request Forgery (SSRF)

cxf-core is vulnerable to server-side request forgery. The vulnerability exists due to missing URL encoding of the MTOM content-id, which allows an attacker to perform SSRF-style attacks, through the href attribute of `XOP:Include`, on web services that take at least one parameter of any type.
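A defensive check for the condition described above, as an added example that is not code from this advisory or from the CXF project: it audits a SOAP envelope and reports every `XOP:Include` whose href is not a `cid:` reference to a MIME part that actually arrived with the message. The function name, the sample envelope and the attachment ids are assumptions constructed for illustration, and the check is meant for a gateway or log review, not as a replacement for the vendor fix.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote

# Element name of xop:Include in Clark notation (W3C XOP namespace).
XOP_INCLUDE = "{http://www.w3.org/2004/08/xop/include}Include"

# Constructed sample message: one valid cid reference, one href that points
# at a URL instead of an attachment, and one cid with no matching MIME part.
SAMPLE_ENVELOPE = """<soap:Envelope
  xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
  xmlns:xop="http://www.w3.org/2004/08/xop/include">
 <soap:Body>
  <upload>
   <good><xop:Include href="cid:part1%40example.invalid"/></good>
   <bad><xop:Include href="http://example.invalid/resource"/></bad>
   <orphan><xop:Include href="cid:missing@example.invalid"/></orphan>
  </upload>
 </soap:Body>
</soap:Envelope>"""

# Constructed sample: Content-ID values of the MIME parts, angle brackets removed.
SAMPLE_ATTACHMENT_IDS = {"part1@example.invalid"}


def audit_xop_includes(soap_xml, attachment_ids):
    """Return (href, reason) for each xop:Include that is not a cid: reference
    to one of the attachments received with the message."""
    # SOAP messages must not carry a DTD; refuse to parse one.
    if "<!DOCTYPE" in soap_xml.upper():
        raise ValueError("DTD present in SOAP message")
    findings = []
    for include in ET.fromstring(soap_xml).iter(XOP_INCLUDE):
        href = (include.get("href") or "").strip()
        if href[:4].lower() != "cid:":
            # Anything other than cid: would make the server fetch a URL.
            findings.append((href, "non-cid scheme"))
        elif unquote(href[4:]) not in attachment_ids:
            # cid: URLs carry the Content-ID percent-encoded; decode to compare.
            findings.append((href, "no matching attachment"))
    return findings


if __name__ == "__main__":
    for href, reason in audit_xop_includes(SAMPLE_ENVELOPE, SAMPLE_ATTACHMENT_IDS):
        print(f"{reason}: {href}")
```
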
