Posted by Paweł Gocyla on Jul 12

Title: WSO2 SOA Enablement Server – Server Side Request Forgery
Authors: Pawel Gocyla
Date: 10. June 2016

Affected Software:
==================
WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616
Probably other versions are also vulnerable.

Vulnerability:
**************

Server Side Request Forgery (SSRF):
===================================

Using this vulnerability it is possible for example to expose service user
credentials….