Lucene search

GitHub Advisory DatabaseGHSA-5M3J-PXH7-455P

HistoryJul 19, 2024 - 9:32 a.m.

Apache CXF: SSRF vulnerability via WADL stylesheet parameter

2024-07-1909:32:06

CWE-918

GitHub Advisory Database

github.com

apache cxf

ssrf

wadl

vulnerability

rest webservices

custom stylesheet

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

53.3%

JSON

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.

Affected configurations

Vulners

Node

org.apache.cxf\Matchcxf-rt-rs-service-description

VendorProductVersionCPE
*org.apache.cxf\cxf-rt-rs-service-descriptioncpe:2.3:a:*:org.apache.cxf\:cxf-rt-rs-service-description:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
*	org.apache.cxf\	cxf-rt-rs-service-description	cpe:2.3:a::org.apache.cxf\:cxf-rt-rs-service-description::::::::*

References

github.com/advisories/GHSA-5m3j-pxh7-455p

github.com/apache/cxf/commit/378afe1acb7503315bc63555c8743db0f55d8312

github.com/apache/cxf/commit/bafb0cadf723fc3962031c34f1f20dc0e8b7a36b

github.com/apache/cxf/commit/df2241c59481a57aebb1c0693b778a35baaf5570

lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2

nvd.nist.gov/vuln/detail/CVE-2024-29736

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

High

EPSS

0.002

Percentile

53.3%

JSON

Related for GHSA-5M3J-PXH7-455P