CXF SSRF Vulnerability Affects REST Webservices
CVE-2024-29736

9.1CRITICAL

Key Information:

Vendor: Apache
Status: Apache Cxf
Vendor: CVE Published:; 19 July 2024

Badges

📰 News Worthy

Summary

A security vulnerability has been identified in the Apache CXF framework, specifically associated with Server-Side Request Forgery (SSRF) attacks. This issue arises in versions prior to 4.0.5, 3.6.4, and 3.5.9 when a custom stylesheet parameter is configured. Attackers can exploit this vulnerability to manipulate REST web services, potentially leading to unauthorized access and data exposure. It is critical for users of affected versions to apply the necessary updates to mitigate the risk posed by this vulnerability.

Affected Version(s)

Apache CXF 0 < 3.5.9, 3.6.4, 4.0.5

News Articles

References

https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg26...

vendor-advisory

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by CN-SEC
Aug 1, 2024
Vulnerability published
Jul 19, 2024
Vulnerability Reserved
Mar 19, 2024

Credit

Tobias S. Fink

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

References

CVSS V3.1

Timeline

Credit