Lucene search
HistoryJul 19, 2024 - 9:15 a.m.
CVE-2024-29736
ssrf
apache cxf
wadl service
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
0.002
Percentile
53.3%
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.
Affected configurations
Node
apachecxfRange<3.5.9
ORapachecxfRange3.6.0–3.6.4
ORapachecxfRange4.0.0–4.0.5
Related
osv
osv
CVE-2024-29736
2024-07-19 09:15:04
Apache CXF: SSRF vulnerability via WADL stylesheet parameter
2024-07-19 09:32:06
cvelist
cvelist
CVE-2024-29736 Apache CXF: SSRF vulnerability via WADL stylesheet parameter
2024-07-19 08:50:08
cve
cve
CVE-2024-29736
2024-07-19 09:15:04
veracode
veracode
Server-side Request Forgery (SSRF)
2024-07-19 14:06:39
vulnrichment
vulnrichment
CVE-2024-29736 Apache CXF: SSRF vulnerability via WADL stylesheet parameter
2024-07-19 08:50:08
github
github
Apache CXF: SSRF vulnerability via WADL stylesheet parameter
2024-07-19 09:32:06
redhatcve
redhatcve
CVE-2024-29736
2024-07-23 09:17:30
nessus
nessus
Apache CXF < 3.5.9, 3.6.x < 3.6.4, 4.0.x < 4.0.5 Multiple Vulnerabilities
2024-07-26 00:00:00
CVSS3
9.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS
0.002
Percentile
53.3%
Related for NVD:CVE-2024-29736