A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.
History

Fri, 22 Nov 2024 12:00:00 +0000


Fri, 15 Nov 2024 14:15:00 +0000

Type Values Removed Values Added
References
Metrics cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Thu, 19 Sep 2024 23:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat
Redhat apache Camel Spring Boot
CPEs cpe:/a:redhat:apache_camel_spring_boot:3.20.7
Vendors & Products Redhat
Redhat apache Camel Spring Boot

Fri, 13 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

cvssV3_1

{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-07-19T08:50:08.265Z

Updated: 2024-11-15T13:08:15.763Z

Reserved: 2024-03-19T11:19:47.785Z

Link: CVE-2024-29736

cve-icon Vulnrichment

Updated: 2024-11-15T13:08:15.763Z

cve-icon NVD

Status : Modified

Published: 2024-07-19T09:15:04.003

Modified: 2024-11-21T09:08:12.057

Link: CVE-2024-29736

cve-icon Redhat

Severity : Important

Publid Date: 2024-07-19T00:00:00Z

Links: CVE-2024-29736 - Bugzilla