Home > Vulnerability Database > CVE-2024-29736

Mend.io Vulnerability Database

CVE-2024-29736

Good to know:

Date: July 19, 2024

A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.

Language: Java

Severity Score

7.5

Related Resources (9)

Url: https://github.com/apache/cxf/commit/bafb0cadf723fc3962031c34f1f20dc0e8b7a36b

Url: https://github.com/apache/cxf

Url: https://github.com/apache/cxf/commit/df2241c59481a57aebb1c0693b778a35baaf5570

Url: http://www.openwall.com/lists/oss-security/2024/07/18/2

Url: https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-29736

Url: https://github.com/apache/cxf/commit/378afe1acb7503315bc63555c8743db0f55d8312

Url: https://security.netapp.com/advisory/ntap-20241115-0003/

Url: https://www.mend.io/vulnerability-database/CVE-2024-29736

Severity Score

7.5

Weakness Type (CWE)

Server-Side Request Forgery (SSRF)

CWE-918

Top Fix

Upgrade Version

Upgrade to version org.apache.cxf:cxf-rt-rs-service-description:3.5.9,3.6.4,4.0.5

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-29736

Good to know:

Date: July 19, 2024

Language: Java

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?