CVE-2024-28752

CRITICAL9.3

Public PoC

Description

A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

None

Affected products

Apache Software Foundation / Apache CXF0 – 4.0.4, 3.6.3, 3.5.8

Exploits & PoCs

nucleiApache CXF < 4.0.4 - Aegis DataBinding SSRF / Local File Readby maciejklimek

References

VENDOR_ADVISORYhttps://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt
MAILING_LISThttp://www.openwall.com/lists/oss-security/2024/03/14/3
MISChttps://security.netapp.com/advisory/ntap-20240517-0001/