11 matches found
Server-Side Request Forgery (SSRF)
Cowrie is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to the wget and curl emulation making real outbound HTTP requests without rate limiting, which allows an attacker to repeatedly trigger requests and abuse the honeypot to generate denial-of-service traffic toward...
CVE-2025-34469
Cowrie versions prior to 2.9.0 contain a server-side request forgery SSRF vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no...
CVE-2025-34469
Cowrie versions prior to 2.9.0 contain a server-side request forgery SSRF vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no...
CVE-2025-34469
Cowrie versions prior to 2.9.0 contain a server-side request forgery SSRF vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no...
EUVD-2025-204642
Cowrie versions prior to 2.9.0 contain a server-side request forgery SSRF vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no...
CVE-2025-34469 Cowrie < 2.9.0 Unrestricted wget/curl Emulation Enables SSRF-Based DDoS Amplification
Cowrie versions prior to 2.9.0 contain a server-side request forgery SSRF vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no...
CVE-2025-34469 Cowrie < 2.9.0 Unrestricted wget/curl Emulation Enables SSRF-Based DDoS Amplification
Cowrie versions prior to 2.9.0 contain a server-side request forgery SSRF vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no...
CVE-2025-34469
CVE-2025-34469 affects Cowrie before 2.9.0. In emulated shell mode, the wget and curl commands perform real outbound HTTP requests, enabling unauthenticated attackers to generate unbounded traffic to arbitrary targets. This SSRF can turn the Cowrie honeypot into a denial-of-service amplification ...
GHSA-83JG-M2PM-4JXJ Cowrie has a SSRF vulnerability in wget/curl emulation enabling DDoS amplification
Summary A Server-Side Request Forgery SSRF vulnerability in Cowrie's emulated shell mode allows unauthenticated attackers to abuse the honeypot as an amplification vector for HTTP-based denial-of-service attacks against arbitrary third-party hosts. Details When Cowrie operates in emulated shell...
VulnCheck KEV: CVE-2025-34469
Cowrie versions prior to 2.9.0 contain a server-side request forgery SSRF vulnerability in the emulated shell implementation of wget and curl. In the default emulated shell configuration, these command emulations perform real outbound HTTP requests to attacker-supplied destinations. Because no...
Kojoney DoS
Insufficient URL filtering in curl and wget emulation allows access to local files and devices, causing memory exhaustion...