Lucene search
Veracode Vulnerability DatabaseVERACODE:45913HistoryMar 18, 2024 - 8:35 a.m.
Server-Side Request Forgery (SSRF)
2024-03-1808:35:48
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
apache cxf
ssrf
data binding
org.apache.cxf, cxf-rt-databinding-aegis is vulnerable to Server-Side Request Forgery (SSRF). The vulnerability is due improper URL sanitisation which allows an attacker to perform SSRF attacks on web services that take at least one parameter of any type. Users of other data bindings, including the default data binding, are not impacted.
References
www.openwall.com/lists/oss-security/2024/03/14/3
cxf.apache.org/security-advisories.data/CVE-2024-28752.txt
github.com/advisories/GHSA-qmgx-j96g-4428
github.com/apache/cxf/commit/659a8f9b10bc8037774c0399e61e77e3955fd230
github.com/apache/cxf/commit/d0baeb3ee64c6d7c883bd2f5c4cb0de6b0b5f463
security.netapp.com/advisory/ntap-20240517-0001/
Related
cvelist
cvelist
CVE-2024-28752 Apache CXF SSRF Vulnerability using the Aegis databinding
2024-03-15 10:27:30
github
github
SSRF vulnerability using the Aegis DataBinding in Apache CXF
2024-03-15 12:30:37
ibm
ibm
osv
osv
SSRF vulnerability using the Aegis DataBinding in Apache CXF
2024-03-15 12:30:37
nessus
nessus
cgr
cgr
CVE-2024-28752 vulnerabilities
2024-05-19 03:07:16
redhatcve
redhatcve
CVE-2024-28752
2024-03-21 15:31:52
wolfi
wolfi
CVE-2024-28752 vulnerabilities
2024-06-22 09:08:24
nvd
nvd
CVE-2024-28752
2024-03-15 11:15:09
cve
cve
CVE-2024-28752
2024-03-15 11:15:09
