CVE-2024-28752: Apache CXF SSRF Vulnerability using the Aegis databinding

Open Source Security

Posted by Colm O hEigeartaigh on Mar 14

Severity: important

Affected versions:

– Apache CXF before 4.0.4, 3.6.3, 3.5.8

Description:

An SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an
attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data
bindings (including the default databinding) are not impacted.

Credit:

Tobias S. Fink (finder)

References:…
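
The following triage helper is an added example, not part of the advisory or of Apache CXF. It checks `mvn dependency:list` output for the Aegis databinding jar and compares its version against the fixed releases listed above. Assumptions: the artifactId `cxf-rt-databinding-aegis`, the `groupId:artifactId:jar:version:scope` line shape, the reading of "before 4.0.4, 3.6.3, 3.5.8" as one fix per release line, and the constructed sample lines.

```python
import re

# Fixed releases from the advisory, keyed by (major, minor) release line.
FIXED = {(4, 0): (4, 0, 4), (3, 6): (3, 6, 3), (3, 5): (3, 5, 8)}
AEGIS = "cxf-rt-databinding-aegis"  # assumed artifactId of the Aegis databinding
# Assumed `mvn dependency:list` shape: groupId:artifactId:jar:version:scope
COORD = re.compile(r"org\.apache\.cxf:([\w.-]+):jar:([\w.-]+):\w+")


def is_affected(version):
    """True if `version` predates the fix for its release line."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(.*)$", version)
    if not m:
        raise ValueError(f"unrecognised CXF version: {version!r}")
    v = tuple(int(x) for x in m.groups()[:3])
    fixed = FIXED.get(v[:2])
    if fixed is None:
        # Assumption: lines older than 3.5 got no fix; newer lines ship fixed.
        return v < (3, 5, 8)
    # A "-SNAPSHOT"-style build of the fixed version is treated as unfixed.
    return v < fixed or (v == fixed and m.group(4).startswith("-"))


def triage(dependency_lines):
    """Return [(version, affected)] for each Aegis databinding jar found."""
    hits = []
    for line in dependency_lines:
        m = COORD.search(line)
        if m and m.group(1) == AEGIS:
            hits.append((m.group(2), is_affected(m.group(2))))
    return hits


# Constructed sample output, not taken from a real build.
SAMPLE = [
    "[INFO]    org.apache.cxf:cxf-core:jar:3.5.7:compile",
    "[INFO]    org.apache.cxf:cxf-rt-databinding-aegis:jar:3.5.7:compile",
    "[INFO]    org.apache.cxf:cxf-rt-frontend-jaxws:jar:3.5.7:compile",
]

if __name__ == "__main__":
    hits = triage(SAMPLE)
    if not hits:
        print("Aegis databinding not on the classpath; advisory does not apply")
    for version, affected in hits:
        print(f"{AEGIS} {version}:", "upgrade required" if affected else "fixed")
```

A jar on the classpath is only a triage signal: whether a given service is configured to use the Aegis databinding still has to be confirmed in its own configuration.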