Lucene search
ApacheCVELIST:CVE-2024-29736HistoryJul 19, 2024 - 8:50 a.m.
CVE-2024-29736 Apache CXF: SSRF vulnerability via WADL stylesheet parameter
2024-07-1908:50:08
CWE-918
apache
www.cve.org
21
cve-2024-29736
apache cxf
wadl
ssrf
rest
webservice
stylesheet parameter
EPSS
0.002
Percentile
53.3%
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "3.5.9, 3.6.4, 4.0.5",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
osv
osv
CVE-2024-29736
2024-07-19 09:15:04
Apache CXF: SSRF vulnerability via WADL stylesheet parameter
2024-07-19 09:32:06
cve
cve
CVE-2024-29736
2024-07-19 09:15:04
redhatcve
redhatcve
CVE-2024-29736
2024-07-23 09:17:30
veracode
veracode
Server-side Request Forgery (SSRF)
2024-07-19 14:06:39
vulnrichment
vulnrichment
CVE-2024-29736 Apache CXF: SSRF vulnerability via WADL stylesheet parameter
2024-07-19 08:50:08
nvd
nvd
CVE-2024-29736
2024-07-19 09:15:04
github
github
Apache CXF: SSRF vulnerability via WADL stylesheet parameter
2024-07-19 09:32:06
nessus
nessus
Apache CXF < 3.5.9, 3.6.x < 3.6.4, 4.0.x < 4.0.5 Multiple Vulnerabilities
2024-07-26 00:00:00