Server Side Request Forgery (SSRF)
ColdFusion Security Guide

What are Server Side Request Forgeries (SSRF) and how can you avoid them in your ColdFusion / Lucee code?

The Risk

Making a request (such as an HTTP request) from your server can be used to bypass the network firewall. Your ColdFusion or Lucee server is often permitted to reach hosts and ports (an internal admin interface, a database, another application server) that are not directly accessible to the public or to your end users. An attacker who controls the destination of a server-side request borrows that access, and can use it to map and probe your internal network.

In addition, most cloud environments expose a metadata API to each server instance, typically at the link-local address 169.254.169.254. The metadata API returns sensitive information, including temporary credentials for the role attached to the instance, which an attacker can use for further compromise of your cloud account.

A Vulnerable Example

<cfhttp url="#form.feed#">

Where to look in your CFML code?

There are several tags and functions that can make an HTTP request. The cfhttp tag is the obvious example, but any tag or function that accepts a file path very likely accepts a URL as well, and will fetch remote content when handed one. cffeed, cfimage, cfdocument and xmlParse() are examples; also review cfftp, cfldap, cfmail and web service calls wherever user input can reach the host name.

Mitigating SSRF in your CFML Code

Take care to review and validate the inputs to the affected tags and functions, and ensure that only trusted values reach them. The strongest fix is not to accept a URL from the user at all: let the request supply a key or ID that your code maps to a URL you control. When users must supply a URL, parse it rather than matching it with a regular expression, require the http or https scheme, check the host against an allow list (a block list of internal addresses is easy to bypass with alternate encodings and DNS names), reject credentials and unusual ports in the URL, and disable redirect following (cfhttp redirect="false"), since an allowed host can otherwise redirect the request to an internal address.
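The checks above, written out as an added example that is not from the original page. It replaces the vulnerable <cfhttp url="#form.feed#"> with a key lookup plus a validated fetch; the FEEDS keys, the host names and the function names are hypothetical, and the request is made with redirects disabled.

```cfml
<cfscript>
// Added example, not from the original page: a hardened replacement for
// <cfhttp url="#form.feed#">. The feed keys, host names and the
// isAllowedFeedUrl()/fetchFeed() names are hypothetical.

// Preferred pattern: the user supplies a key, the server owns the URL.
FEEDS = {
    "news"   : "https://feeds.example.com/news.rss",
    "status" : "https://status.example.com/feed.xml"
};

// Hosts a user-supplied URL may point at (an allow list, never a block list).
ALLOWED_HOSTS = [ "feeds.example.com", "status.example.com" ];

// True if any address the host resolves to is loopback, link-local
// (169.254.0.0/16, where cloud metadata APIs live), RFC 1918 private,
// wildcard, multicast or IPv6 unique-local (fc00::/7). Fails closed if the
// name does not resolve at all.
boolean function resolvesToInternalAddress(required string host) {
    try {
        var addrs = createObject("java", "java.net.InetAddress").getAllByName(arguments.host);
    } catch (any e) {
        return true; // UnknownHostException: treat as not safe to contact
    }
    for (var i = 1; i <= arrayLen(addrs); i++) {
        var a = addrs[i];
        if (a.isLoopbackAddress() || a.isLinkLocalAddress() || a.isSiteLocalAddress()
            || a.isAnyLocalAddress() || a.isMulticastAddress()) {
            return true;
        }
        var raw = a.getAddress(); // network-order bytes, 4 or 16 of them
        if (arrayLen(raw) == 16 && bitAnd(raw[1], 254) == 252) {
            return true; // fc00::/7 is not covered by isSiteLocalAddress()
        }
    }
    return false;
}

// Structural checks on the URL before it goes anywhere near cfhttp.
boolean function isAllowedFeedUrl(required string feedUrl) {
    try {
        var uri = createObject("java", "java.net.URI").init(arguments.feedUrl);
    } catch (any e) {
        return false; // java.net.URI throws URISyntaxException on garbage
    }
    if (isNull(uri.getScheme()) || isNull(uri.getHost())) {
        return false; // relative URL, or something like file:///etc/passwd
    }
    var scheme = lCase(uri.getScheme());
    var host   = lCase(uri.getHost());
    var port   = uri.getPort(); // -1 when the URL carries no explicit port

    if (scheme != "http" && scheme != "https") return false;
    if (!isNull(uri.getUserInfo())) return false;   // http://allowed@evil/ tricks
    if (port != -1 && port != 80 && port != 443) return false;
    if (!arrayFindNoCase(ALLOWED_HOSTS, host)) return false;
    // Defence in depth: even an allowed name must not resolve to an internal
    // address (a hijacked DNS record, or an allowed name pointed at metadata).
    if (resolvesToInternalAddress(host)) return false;
    return true;
}

// Makes the request only after the checks pass. redirect=false stops an
// allowed host from answering 302 Location: http://169.254.169.254/...
struct function fetchFeed(required string feedUrl) {
    if (!isAllowedFeedUrl(arguments.feedUrl)) {
        throw(type="SSRFBlocked", message="Feed URL not permitted: " & arguments.feedUrl);
    }
    cfhttp(url=arguments.feedUrl, method="get", redirect=false, timeout=10, result="local.res");
    return local.res;
}

// Usage with the original request parameter: form.feed is now a key, not a URL.
// The default value is constructed for the example.
param name="form.feed" default="news";
if (!structKeyExists(FEEDS, form.feed)) {
    throw(type="SSRFBlocked", message="Unknown feed key");
}
res = fetchFeed(FEEDS[form.feed]);
writeOutput("Status " & res.statusCode & ", " & len(res.fileContent) & " bytes");
</cfscript>
```

The allow list is the primary control; the address check is defence in depth, and it has a known gap: the name is resolved once during validation and again by cfhttp, so a DNS record with a very short TTL can answer differently the second time (DNS rebinding). Egress filtering on the server (next section) closes that gap regardless of what the application code does.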

Additional Mitigation Techniques

Application code should not be the only control. Restrict outbound traffic from the ColdFusion or Lucee server with an egress firewall so that it can only reach the hosts it legitimately needs, and block the metadata address 169.254.169.254 at the host firewall unless something on the server genuinely requires it. On AWS, require IMDSv2, which only answers requests that carry a session token obtained with a PUT request and a custom header; a plain cfhttp GET with an attacker-supplied URL cannot produce that. Attach the least-privileged role possible to the instance so that leaked metadata credentials are worth as little as possible.

Additional Resources