Lucene search
ApacheCVELIST:CVE-2024-28752HistoryMar 15, 2024 - 10:27 a.m.
CVE-2024-28752 Apache CXF SSRF Vulnerability using the Aegis databinding
2024-03-1510:27:30
CWE-918
apache
www.cve.org
1
apache cxf
ssrf
vulnerability
aegis databinding
A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.
CNA Affected
[
{
"defaultStatus": "unaffected",
"packageName": "org.apache.cxf.aegis",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.0.4, 3.6.3, 3.5.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
github
github
SSRF vulnerability using the Aegis DataBinding in Apache CXF
2024-03-15 12:30:37
ibm
ibm
osv
osv
SSRF vulnerability using the Aegis DataBinding in Apache CXF
2024-03-15 12:30:37
nessus
nessus
cgr
cgr
CVE-2024-28752 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
CVE-2024-28752
2024-03-21 15:31:52
wolfi
wolfi
CVE-2024-28752 vulnerabilities
2024-06-22 09:08:24
nvd
nvd
CVE-2024-28752
2024-03-15 11:15:09
veracode
veracode
Server-Side Request Forgery (SSRF)
2024-03-18 08:35:48
cve
cve
CVE-2024-28752
2024-03-15 11:15:09
