First published: Thu Jul 18 2024
An SSRF vulnerability in the WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
maven/org.apache.cxf:cxf-rt-rs-service-description | <3.5.9 | 3.5.9 |
maven/org.apache.cxf:cxf-rt-rs-service-description | >=3.6.0<3.6.4 | 3.6.4 |
maven/org.apache.cxf:cxf-rt-rs-service-description | >=4.0.0<4.0.5 | 4.0.5 |
Apache CXF | <3.5.9 | |
Apache CXF | >=3.6.0<3.6.4 | |
Apache CXF | >=4.0.0<4.0.5 | |
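
The affected ranges in the table can be checked against a project's resolved dependencies. The following is an added example, not code from Apache CXF or from this advisory; it assumes `mvn dependency:list` style lines (`groupId:artifactId:type:version:scope`, no classifier), and the function names and sample lines are constructed for illustration.

```python
import re

ARTIFACT = "org.apache.cxf:cxf-rt-rs-service-description"
# Ranges from the table above: (inclusive lower bound or None, first fixed version).
AFFECTED = [(None, (3, 5, 9)), ((3, 6, 0), (3, 6, 4)), ((4, 0, 0), (4, 0, 5))]

def parse_version(text):
    """Turn '3.5.10' into (3, 5, 10); any qualifier suffix is ignored (simplification)."""
    nums = re.match(r"\d+(?:\.\d+)*", text)
    if not nums:
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in nums.group().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def fixed_version(version):
    """Return the fixed release for an affected version, or None if not affected."""
    v = parse_version(version)
    for low, fix in AFFECTED:
        # Numeric tuple comparison: 3.5.10 sorts after 3.5.9, unlike string comparison.
        if (low is None or v >= low) and v < fix:
            return ".".join(map(str, fix))
    return None

def audit(dependency_lines):
    """Return [(found_version, fixed_version)] for affected copies of the artifact."""
    hits = []
    for line in dependency_lines:
        fields = line.replace("[INFO]", "").strip().split(":")
        if len(fields) >= 4 and ":".join(fields[:2]) == ARTIFACT:
            fix = fixed_version(fields[3])
            if fix:
                hits.append((fields[3], fix))
    return hits

# Constructed sample input, not output from a real build.
SAMPLE = [
    "[INFO]    org.apache.cxf:cxf-rt-rs-service-description:jar:3.5.8:compile",
    "[INFO]    org.apache.cxf:cxf-rt-rs-service-description:jar:3.5.10:compile",
    "[INFO]    org.apache.cxf:cxf-rt-rs-service-description:jar:4.0.4:runtime",
    "[INFO]    org.apache.cxf:cxf-core:jar:4.0.4:compile",
]

if __name__ == "__main__":
    for found, fix in audit(SAMPLE):
        print(f"{ARTIFACT} {found} is affected; upgrade to {fix}")
```

A hit only establishes that an affected version is on the classpath; per the description above, the attack additionally requires a custom stylesheet parameter to be configured.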