Lucene search
ApacheCVELIST:CVE-2024-28752HistoryMar 15, 2024 - 10:27 a.m.
CVE-2024-28752 Apache CXF SSRF Vulnerability using the Aegis databinding
2024-03-1510:27:30
CWE-918
apache
www.cve.org
10
apache cxf
ssrf
vulnerability
aegis databinding
A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.
CNA Affected
[
{
"defaultStatus": "unaffected",
"packageName": "org.apache.cxf.aegis",
"product": "Apache CXF",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "4.0.4, 3.6.3, 3.5.8",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
]Related
veracode
veracode
Server-Side Request Forgery (SSRF)
2024-03-18 08:35:48
nvd
nvd
CVE-2024-28752
2024-03-15 11:15:09
cve
cve
CVE-2024-28752
2024-03-15 11:15:09
nessus
nessus
osv
osv
SSRF vulnerability using the Aegis DataBinding in Apache CXF
2024-03-15 12:30:37
CGA-58x7-92cj-h7fv
2024-06-06 12:24:03
CGA-877w-8xxp-xv6m
2024-06-06 12:25:10
ibm
ibm
github
github
SSRF vulnerability using the Aegis DataBinding in Apache CXF
2024-03-15 12:30:37
vulnrichment
vulnrichment
CVE-2024-28752 Apache CXF SSRF Vulnerability using the Aegis databinding
2024-03-15 10:27:30
redhatcve
redhatcve
CVE-2024-28752
2024-03-21 15:31:52
cgr
cgr
CVE-2024-28752 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2024-28752 vulnerabilities
2024-09-30 03:53:08
redhat
redhat
oracle
oracle
Oracle Critical Patch Update Advisory - July 2024
2024-07-16 00:00:00