Vulnerability Monitor

CVE-2024-29736


An SSRF vulnerability in the WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured.


Published

2024-07-19T09:15:04.003

Last Modified

2024-11-21T09:08:12.057

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.1 (CRITICAL)

Weaknesses
  • Type: Primary
    CWE-918

Affected Vendors & Products
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | apache | cxf | < 3.5.9 | Yes |
| Application | apache | cxf | < 3.6.4 | Yes |
| Application | apache | cxf | < 4.0.5 | Yes |