Lucene search
K

6 matches found

RedHat Linux
RedHat Linux
added 2024/09/19 4:46 p.m.12 views

apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter

A Server-side request forgery SSRF vulnerability has been identified in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured...

9.1CVSS7.2AI score0.01029EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2024/07/26 12:0 a.m.48 views

Apache CXF < 3.5.9, 3.6.x < 3.6.4, 4.0.x < 4.0.5 Multiple Vulnerabilities

The version of Apache CXF installed on the remote Windows host is affected by multiple vulnerabilities: - A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only...

9.1CVSS7AI score0.01269EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/07/23 9:17 a.m.32 views

CVE-2024-29736

A Server-side request forgery SSRF vulnerability was found in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured. Mitigation Mitigation for this issue is...

9.1CVSS9AI score0.01029EPSS
Exploits0References6
NVD
NVD
added 2024/07/19 9:15 a.m.43 views

CVE-2024-29736

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured...

9.1CVSS0.01029EPSS
Exploits0References3
CVE
CVE
added 2024/07/19 8:50 a.m.155 views

CVE-2024-29736

CVE-2024-29736: Apache CXF WADL stylesheet SSRF. The issue arises from improper validation of the WADL stylesheet parameter, enabling SSRF against REST services when a custom stylesheet parameter is configured. Affected CXF versions are before 4.0.5, 3.6.4, and 3.5.9. Mitigation: upgrade CXF to 4...

9.1CVSS6.5AI score0.01029EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/19 12:0 a.m.4 views

PT-2024-5337 · Apache · Apache Cxf

Name of the Vulnerable Software and Affected Versions: Apache CXF versions prior to 4.0.5 Apache CXF versions prior to 3.6.4 Apache CXF versions prior to 3.5.9 Description: A SSRF vulnerability in the WADL service description of Apache CXF allows an attacker to perform SSRF style attacks on REST...

9.1CVSS7.6AI score0.01029EPSS
Exploits0References17
Rows per page
Query Builder