External service interaction (HTTP)
High
A
AWS VDP
Submitted None
Team Summary
Official summary from AWS VDP
Thank you for bringing this issue to our attention. Upon review, we identified that the related infrastructure was previously deprecated, and it seems that this particular test resource was unintentionally overlooked during the process. While the finding is outside the scope of the program (not related to AWS Software or Services), we appreciate the report and will proceed to close the report as resolved. Thanks again for your report and for helping us protect our customers! Please feel free to reach out if you have any further questions or concerns.
Actions:
Reported by
hesham_elsheme
Vulnerability Details
Technical details and impact analysis
There is External service interaction ( DNS and HTTP ) vulnerability in
url : ████ in this video
F3616801
## Impact
The External Service Interaction arise when it is possible for a attacker to induce application to interact with the arbitrary external service such as DNS HTTP etc.
The External Service Interaction can is not limited to HTTP,HTTPS or DNS, you can lead to FTP, SMTP etc. Such weakness can lead to DDoS attack.
The External Service Interaction can lead to OS Command Injection, DOS Attack, DDOS Attack or Code Manipulation
Report Details
Additional information and metadata
State
Closed
Substate
Resolved
Submitted
Weakness
Server-Side Request Forgery (SSRF)