Microsoft Exchange Server Authenticated SSRF Vulnerability (Zero Day)

A researcher affiliated with Trend Micro’s Zero Day Initiative (ZDI) recently disclosed an authenticated Server-Side Request Forgery (SSRF) zero-day vulnerability within the Microsoft Exchange Server. At the time of writing, the vulnerability was not assigned a CVE identifier. The researcher reported that Microsoft has acknowledged the vulnerability. Microsoft does not plan to release an immediate … Continue reading “Microsoft Exchange Server Authenticated SSRF Vulnerability (Zero Day)”

Apache mod_proxy Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)

The Apache HTTP Server Project is a group of people working together to create and maintain an open-source, software-based HTTP server for modern operating systems such as UNIX and Windows. This technology is considered among the most widely used web servers on the internet. A Server-Side Request Forgery (SSRF) vulnerability (CVE-2021-40438) has been identified in Apache HTTP Server versions 2.4.48 and older. The vulnerability … Continue reading “Apache mod_proxy Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-40438)”

Multiple Vulnerabilities in Openfire Admin Console

Openfire is a group chat server for the Extensible Messaging and Presence Protocol (XMPP). It is written in Java and licensed under the Apache License 2.0. Two vulnerabilities, CVE-2019-18394 and CVE-2019-18393, were reported in Openfire Admin Console by a Penetration Testing Expert, Alexandr Shvetsov. Vulnerability Details CVE-2019-18394 – Full Read SSRF Vulnerability A Server-Side Request … Continue reading “Multiple Vulnerabilities in Openfire Admin Console”

Grafana SSRF Vulnerability (CVE-2020-13379)

On 3rd June 2020, Grafana published a security advisory addressing CVE-2020-13379, SSRF (Server-side request forgery) Incorrect Access Control issue. This is a high-severity vulnerability with a CVSS score of 6.4. Vulnerability Details The avatar feature in Grafana has an SSRF Incorrect Access Control issue. This allows unauthenticated attackers to force Grafana to send HTTP requests … Continue reading “Grafana SSRF Vulnerability (CVE-2020-13379)”

Atlassian Jira Server SSRF Vulnerability

Atlassian Jira Server is vulnerable to Server Side Request Forgery (SSRF). The vulnerability affects Jira Core and Jira Software versions 7.6.0 prior to 8.4.0. CVE 2019–8451 has been assigned to track this vulnerability. Thousands of Jira Servers are potentially affected by this vulnerability. Vulnerability Details: The vulnerability was found in the Atlassian Jira /plugins/servlet/gadgets/makeRequest resource … Continue reading “Atlassian Jira Server SSRF Vulnerability”