CVE-2024-29736: Apache CXF: SSRF vulnerability via WADL stylesheet parameter
First published: Thu Jul 18 2024(Updated: )
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.
Credit: security@apache.org security@apache.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.apache.cxf:cxf-rt-rs-service-description | <3.5.9 | 3.5.9 |
| maven/org.apache.cxf:cxf-rt-rs-service-description | >=3.6.0<3.6.4 | 3.6.4 |
| maven/org.apache.cxf:cxf-rt-rs-service-description | >=4.0.0<4.0.5 | 4.0.5 |
| Apache CXF | <3.5.9 | |
| Apache CXF | >=3.6.0<3.6.4 | |
| Apache CXF | >=4.0.0<4.0.5 | |
| IBM Data Virtualization on Cloud Pak for Data | <=3.0 | |
| IBM Watson Query with Cloud Pak for Data as a Service | <=2.2 | |
| IBM Watson Query with Cloud Pak for Data as a Service | <=2.1 | |
| IBM Watson Query with Cloud Pak for Data as a Service | <=2.0 | |
| IBM Data Virtualization on Cloud Pak for Data | <=1.8 | |
| IBM Data Virtualization on Cloud Pak for Data | <=1.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/errata/RHSA-2024:6883
- https://bugzilla.redhat.com/show_bug.cgi?id=2298827
- https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2
- https://nvd.nist.gov/vuln/detail/CVE-2024-29736
- https://github.com/apache/cxf/commit/378afe1acb7503315bc63555c8743db0f55d8312
- https://github.com/apache/cxf/commit/bafb0cadf723fc3962031c34f1f20dc0e8b7a36b
- https://github.com/apache/cxf/commit/df2241c59481a57aebb1c0693b778a35baaf5570
- https://github.com/advisories/GHSA-5m3j-pxh7-455p (Advisory)
- https://www.ibm.com/support/pages/node/7183851 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-29736?
CVE-2024-29736 is classified as a high-severity SSRF vulnerability affecting specific versions of Apache CXF.
How do I fix CVE-2024-29736?
To fix CVE-2024-29736, upgrade Apache CXF to at least version 3.5.9, 3.6.4, or 4.0.5.
What versions of Apache CXF are affected by CVE-2024-29736?
CVE-2024-29736 affects Apache CXF versions prior to 3.5.9, 3.6.4, and 4.0.5.
What type of attack does CVE-2024-29736 allow?
CVE-2024-29736 allows attackers to execute Server-Side Request Forgery (SSRF) attacks on REST web services.
Is a custom stylesheet parameter required for CVE-2024-29736 to be exploited?
Yes, CVE-2024-29736 can only be exploited if a custom stylesheet parameter is configured.
- collector/oss-sec
- source/oss-sec
- alias/CVE-2024-29736
- agent/title
- agent/first-publish-date
- agent/type
- agent/author
- collector/redhat-bugzilla
- source/Red Hat
- agent/severity
- collector/mitre-cve
- source/MITRE
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-5m3j-pxh7-455p
- agent/software-canonical-lookup
- collector/github-advisory
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- collector/nvd-api
- agent/weakness
- agent/last-modified-date
- agent/source
- agent/references
- agent/description
- agent/trending
- agent/event
- agent/softwarecombine
- agent/tags
- collector/ibm-support
- source/IBM
- package-manager/maven
- vendor/apache
- canonical/apache cxf
- version/apache cxf/3.6.0
- version/apache cxf/4.0.0
- vendor/ibm
- canonical/ibm data virtualization on cloud pak for data
- version/ibm data virtualization on cloud pak for data/3.0
- canonical/ibm watson query with cloud pak for data as a service
- version/ibm watson query with cloud pak for data as a service/2.2
- version/ibm watson query with cloud pak for data as a service/2.1
- version/ibm watson query with cloud pak for data as a service/2.0
- version/ibm data virtualization on cloud pak for data/1.8
- version/ibm data virtualization on cloud pak for data/1.7