
Red Hat JBossEAP: Server-Side Request Forgery (SSRF) (CVE-2024-28752)


Severity: 9
CVSS: (AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published: 03/14/2024
Created: 09/20/2024
Added: 09/19/2024
Modified: 12/20/2024

Description

An SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF-style attacks on web services that take at least one parameter of any type. Users of other data bindings (including the default data binding) are not impacted. Stated another way: a server-side request forgery (SSRF) vulnerability was found in Apache CXF. The issue occurs in attacks on web services that take at least one parameter of any type, and only when the Aegis databinding is used; users of other data bindings, including the default data binding, are not impacted.

Solution(s)

  • red-hat-jboss-eap-upgrade-latest

References

  • https://attackerkb.com/topics/cve-2024-28752
  • CVE-2024-28752
  • https://access.redhat.com/security/cve/CVE-2024-28752
  • https://bugzilla.redhat.com/show_bug.cgi?id=2270732
  • https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt
  • https://github.com/advisories/GHSA-qmgx-j96g-4428
  • https://access.redhat.com/errata/RHSA-2024:3559
  • https://access.redhat.com/errata/RHSA-2024:3560
  • https://access.redhat.com/errata/RHSA-2024:3561
  • https://access.redhat.com/errata/RHSA-2024:3563
  • https://access.redhat.com/errata/RHSA-2024:5479
  • https://access.redhat.com/errata/RHSA-2024:5481
  • https://access.redhat.com/errata/RHSA-2024:5482