Unpatched Powerful SSRF in Exchange OWA – Getting Response Through Attachments

Server Side Request Forgery (SSRF). This vulnerability class triggers a wide range of emotions and reactions, ranging from complete ignorance to panic. Though it is included in the OWASP Top 10 list of web application security risks, at times vendors tend to downplay it and not treat it seriously.

As usual, the truth lies somewhere in between. What appears to be SSRF may sometimes in fact be intended functionality. Even so, an attacker may be able to abuse that functionality …

application application security attachments blog post class emotions exchange forgery list owa owasp owasp top 10 panic request response risks security security risks server server side ssrf top 10 unpatched vendors vulnerability web web application web application security