REDHAT-BUG-2298827: SSRF
First published: Fri Jul 19 2024(Updated: )
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache CXF | <4.0.5 | |
| Apache CXF |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of REDHAT-BUG-2298827?
The severity of REDHAT-BUG-2298827 is categorized as high due to the potential for SSRF attacks on REST web services.
How do I fix REDHAT-BUG-2298827?
To fix REDHAT-BUG-2298827, upgrade Apache CXF to version 4.0.5 or later, or to version 3.6.4 or 3.5.9.
Which versions of Apache CXF are affected by REDHAT-BUG-2298827?
Apache CXF versions prior to 4.0.5, 3.6.4, and 3.5.9 are affected by REDHAT-BUG-2298827.
What are SSRF style attacks in the context of REDHAT-BUG-2298827?
SSRF style attacks, relevant to REDHAT-BUG-2298827, allow attackers to make requests to internal resources from a vulnerable server.
Is a custom stylesheet parameter necessary for REDHAT-BUG-2298827 to be exploited?
Yes, a custom stylesheet parameter must be configured for the REDHAT-BUG-2298827 vulnerability to be exploitable.
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2024-29736
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/type
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/apache
- canonical/apache cxf