{
  "threat_severity" : "Important",
  "public_date" : "2024-07-19T00:00:00Z",
  "bugzilla" : {
    "description" : "apache: cxf: org.apache.cxf:cxf-rt-rs-service-description: SSRF via WADL stylesheet parameter",
    "id" : "2298827",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2298827"
  },
  "cvss3" : {
    "cvss3_base_score" : "9.1",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-918",
  "details" : [ "An SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured.", "A Server-side request forgery (SSRF) vulnerability has been identified in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured." ],
  "statement" : "This SSRF vulnerability in Apache CXF's WADL service description is of significant severity because an unauthenticated remote attacker (CVSS vector AV:N/PR:N/UI:N) can make the server issue requests on their behalf, potentially leading to unauthorized access to internal resources. By exploiting this flaw, an attacker can craft malicious requests that bypass network-perimeter controls, causing the server to communicate with internal systems that may include databases, cloud services, or other sensitive infrastructure. Note that the flaw is only reachable when a custom stylesheet parameter has been configured for the WADL service description; deployments that do not configure a custom stylesheet parameter are not subject to this attack.",
  "affected_release" : [ {
    "product_name" : "Red Hat build of Apache Camel 3.20.7 for Spring Boot",
    "release_date" : "2024-09-19T00:00:00Z",
    "advisory" : "RHSA-2024:6883",
    "cpe" : "cpe:/a:redhat:apache_camel_spring_boot:3.20.7"
  }, {
    "product_name" : "Red Hat build of Apache Camel 4.4.0 for Spring Boot",
    "release_date" : "2024-05-06T00:00:00Z",
    "advisory" : "RHSA-2024:2707",
    "cpe" : "cpe:/a:redhat:apache-camel-spring-boot:4.4.0"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Affected",
    "package_name" : "org.apache.cxf/cxf-rt-rs-service-description",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  }, {
    "product_name" : "Red Hat Integration Camel K 1",
    "fix_state" : "Will not fix",
    "package_name" : "org.apache.cxf/cxf-rt-rs-service-description",
    "cpe" : "cpe:/a:redhat:integration:1"
  }, {
    "product_name" : "Red Hat JBoss Data Grid 7",
    "fix_state" : "Will not fix",
    "package_name" : "org.apache.cxf/cxf-rt-rs-service-description",
    "cpe" : "cpe:/a:redhat:jboss_data_grid:7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7",
    "fix_state" : "Not affected",
    "package_name" : "cxf-rt-rs-service-description",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 8",
    "fix_state" : "Not affected",
    "package_name" : "cxf-rt-rs-service-description",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack",
    "fix_state" : "Not affected",
    "package_name" : "cxf-rt-rs-service-description",
    "cpe" : "cpe:/a:redhat:jbosseapxp"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2024-29736\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-29736\nhttps://github.com/advisories/GHSA-5m3j-pxh7-455p\nhttps://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2\nhttps://osv.dev/vulnerability/GHSA-5m3j-pxh7-455p" ],
  "name" : "CVE-2024-29736",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}