vulnerability
Red Hat JBoss EAP: CVE-2024-29736: Server-Side Request Forgery (SSRF)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:N/C:C/I:C/A:N) | Jul 19, 2024 | Sep 19, 2024 | Sep 29, 2025 |
Severity
9
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:N)
Published
Jul 19, 2024
Added
Sep 19, 2024
Modified
Sep 29, 2025
Description
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured.. A Server-side request forgery (SSRF) vulnerability has been identified in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured.
Solution
red-hat-jboss-eap-upgrade-latest
References
- CWE-918
- CVE-2024-29736
- https://attackerkb.com/topics/CVE-2024-29736
- URL-https://access.redhat.com/security/cve/CVE-2024-29736
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=2298827
- URL-https://github.com/advisories/GHSA-5m3j-pxh7-455p
- URL-https://lists.apache.org/thread/4jtpsswn2r6xommol54p5mg263ysgdw2
- URL-https://osv.dev/vulnerability/GHSA-5m3j-pxh7-455p
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.