CXF SSRF Vulnerability Affects REST Webservices

CVE-2024-29736

9.1CRITICAL

Key Information

Vendor: Apache
Status: Apache Cxf
Vendor: CVE Published:; 19 July 2024

Badges

📰 News Worthy

Summary

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.

Affected Version(s)

Apache CXF < 3.5.9, 3.6.4, 4.0.5

News Articles

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

First article discovered by CN-SEC
Aug 1, 2024
Vulnerability published.
Jul 19, 2024
Vulnerability Reserved.
Mar 19, 2024

Collectors

NVD DatabaseMitre Database1 News Article(s)

Credit

Tobias S. Fink