CVERadar

CVE-2024-28752

Medium Severity
SVRS: 38/100
CVSSv3: NA/10
EPSS: 0.0005/1

CVE-2024-28752 is a Server-Side Request Forgery (SSRF) vulnerability in Apache CXF's Aegis DataBinding. A web service that uses Aegis and accepts at least one parameter of any type can be made to issue requests from the server to destinations chosen by the attacker, including internal resources the service was never meant to reach. Apache CXF versions before 4.0.4, 3.6.3 and 3.5.8 are affected; users of other data bindings, including the default data binding, are not. No CVSSv3 base score is recorded on this page (shown as NA), so the Medium label comes from SOCRadar's own Vulnerability Risk Score (SVRS) of 38, while the EPSS of 0.0005 puts the estimated probability of exploitation low. Organizations running a vulnerable Apache CXF version with Aegis DataBinding should upgrade to the fixed release for their line before relying on network controls alone.

In The Wild
Vendor-advisory
2024-03-15
2025-02-13

SOCRadar AI Insight

Description

CVE-2024-28752 is a Server-Side Request Forgery (SSRF) vulnerability in Apache CXF versions prior to 4.0.4, 3.6.3 and 3.5.8. It affects web services that use the Aegis DataBinding and accept at least one parameter of any type; an attacker can use such a service to make the server send requests on their behalf. Services on other data bindings, including the default one, are not affected. The SVRS for this vulnerability is 38, which SOCRadar rates as moderate risk.
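The affected and fixed version ranges above are easy to misread in a large dependency tree, and exposure also depends on whether the Aegis module is on the classpath at all. The following is an added example (not SOCRadar's or Apache CXF's code) that audits a Maven-style dependency list for both conditions. The fixed releases and the "Aegis only" scope come from the CXF advisory; the artifact name cxf-rt-databinding-aegis, the handling of lines newer than 4.0 and the sample dependency list are assumptions made for illustration.

```python
"""Audit a Maven dependency list for CVE-2024-28752 exposure.

Added example; not SOCRadar's or Apache CXF's code. The fixed releases
(4.0.4, 3.6.3, 3.5.8) and the fact that only the Aegis data binding is
affected come from the CXF advisory. The artifact name, the line shape and
the sample dependency list are assumptions made for illustration.
"""
import re
from typing import Dict, Iterable, Tuple

CXF_GROUP = "org.apache.cxf"
# Assumption: Aegis ships in this module; other bindings (e.g. the default) are unaffected.
AEGIS_ARTIFACT = "cxf-rt-databinding-aegis"

# First fixed release per maintained line, from the advisory.
FIXED: Dict[Tuple[int, int], Tuple[int, int, int]] = {
    (4, 0): (4, 0, 4),
    (3, 6): (3, 6, 3),
    (3, 5): (3, 5, 8),
}


def parse_version(version: str) -> Tuple[int, int, int]:
    """'3.5.7' -> (3, 5, 7); '4.0' -> (4, 0, 0); qualifiers such as -SNAPSHOT are dropped."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?", version)
    if not m:
        raise ValueError(f"unparseable CXF version: {version!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)


def cxf_status(version: str) -> str:
    """Classify one CXF version as 'fixed', 'vulnerable' or 'unsupported-branch'."""
    major, minor, patch = parse_version(version)
    branch = (major, minor)
    if branch in FIXED:
        fixed = FIXED[branch]
        # A -SNAPSHOT of the fix release predates it, so it does not count as fixed.
        snapshot = version.upper().endswith("-SNAPSHOT")
        if (major, minor, patch) > fixed or ((major, minor, patch) == fixed and not snapshot):
            return "fixed"
        return "vulnerable"
    if branch > max(FIXED):
        # Assumption: a line newer than 4.0 was cut after the fix landed.
        return "fixed"
    # 3.4 and older: the advisory names no fixed release; move to a maintained line.
    return "unsupported-branch"


def audit(deps: Iterable[str]) -> dict:
    """Scan 'group:artifact[:type]:version[:scope]' lines (the mvn dependency:list shape).

    Exposure needs BOTH a CXF artifact that is not fixed AND the Aegis module on
    the classpath; a mixed tree (different CXF versions) is reported per artifact.
    """
    aegis_present = False
    findings: Dict[str, Tuple[str, str]] = {}
    for line in deps:
        segs = line.strip().split(":")
        if len(segs) < 3 or segs[0] != CXF_GROUP:
            continue
        artifact = segs[1]
        version = next((s for s in segs[2:] if re.match(r"^\d+\.\d+", s)), None)
        if version is None:
            continue
        if artifact == AEGIS_ARTIFACT:
            aegis_present = True
        findings[artifact] = (version, cxf_status(version))
    unfixed = sorted(a for a, (_, status) in findings.items() if status != "fixed")
    return {
        "aegis_present": aegis_present,
        "findings": findings,
        "unfixed": unfixed,
        "exposed": aegis_present and bool(unfixed),
    }


# Constructed sample, not a real project's tree.
SAMPLE_DEPS = [
    "org.apache.cxf:cxf-core:jar:3.5.7:compile",
    "org.apache.cxf:cxf-rt-frontend-jaxws:jar:3.5.7:compile",
    "org.apache.cxf:cxf-rt-databinding-aegis:jar:3.5.7:compile",
    "org.springframework:spring-web:jar:5.3.31:compile",
]

if __name__ == "__main__":
    result = audit(SAMPLE_DEPS)
    for artifact, (version, status) in result["findings"].items():
        print(f"{artifact:32} {version:10} {status}")
    print("Aegis present:", result["aegis_present"], "| exposed:", result["exposed"])
```

Feed it the output of `mvn dependency:list` (or any list in the same group:artifact:version shape). A tree without the Aegis artifact is reported as not exposed to this CVE even when its CXF version is old, which matches the advisory's scope; a tree with mixed CXF versions is still flagged per artifact, because a mixed tree is a problem in its own right.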

Key Insights

  • SSRF lets an attacker use the CXF server as a proxy into the network it sits in: internal services, management interfaces and cloud metadata endpoints that are unreachable from outside become reachable from the server's position. Depending on what those targets expose, the result can be data exposure, lateral movement or denial of service.
  • This page carries an 'In The Wild' tag, but it lists no public exploit and no IOCs, and the EPSS of 0.0005 puts the estimated exploitation probability low. Treat active exploitation as unconfirmed rather than established, and let the ease of the fix (a version bump) drive the priority.
  • The references on this page are the Apache CXF security advisory, the oss-security list post and a NetApp advisory; no CISA advisory is cited here. Check CISA's Known Exploited Vulnerabilities catalog directly before treating this as a KEV item.

Mitigation Strategies

  • Upgrade to the fixed release for your line: 4.0.x to 4.0.4, 3.6.x to 3.6.3, 3.5.x to 3.5.8. Older lines have no fixed release named in the advisory, so a 3.4.x or earlier deployment needs to move to a maintained line. Only services that use the Aegis DataBinding are affected and the default data binding is not, so confirm which binding each service uses before ordering the work.
  • Limit what the server can reach, not only who can reach it. Egress filtering from the CXF hosts (deny outbound connections to internal ranges and cloud metadata endpoints except for allow-listed backends) caps what an SSRF can be turned into, and firewalls and access control lists in front of Aegis-bound endpoints reduce who can trigger it. Neither replaces the upgrade.
  • Monitor for SSRF symptoms: outbound connections from the SOAP hosts to internal addresses, loopback, link-local ranges or unexpected external hosts. Intrusion detection systems and log analysis over firewall or egress-proxy records are the usual sources.
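The monitoring step above is only useful if the check is concrete. The following is an added example (not SOCRadar's or Apache CXF's code) that runs the egress check over firewall-style log lines: connections from a SOAP host to loopback, link-local, the cloud metadata address or a private range that is not on an allow-list are raised as alerts. The log line format, the SOAP host address, the allow-listed backend and the sample lines are all constructed for illustration; adapt the regex to your own firewall or proxy format.

```python
"""Flag outbound connections from a SOAP host that look like SSRF pivots.

Added example; not SOCRadar's or Apache CXF's code. The log line shape, the
host roles and the sample lines are constructed for illustration; adapt
LOG_RE to the firewall or egress-proxy format you actually have.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Set, Tuple

# Assumption: hosts running the CXF/Aegis web service.
SOAP_HOSTS: Set[str] = {"10.0.2.15"}
# Assumption: internal destinations the service legitimately talks to (host, port).
ALLOWED_INTERNAL: Set[Tuple[str, int]] = {("10.0.3.20", 5432)}
# Cloud instance-metadata address: the classic SSRF pivot target.
METADATA_IP = ipaddress.ip_address("169.254.169.254")

# Constructed line shape: "<ts> src=<ip> dst=<ip> dport=<port> ..."
LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>[\d.]+)\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)"
)


@dataclass(frozen=True)
class Alert:
    ts: str
    src: str
    dst: str
    dport: int
    reason: str


def classify_destination(dst: str, dport: int) -> str:
    """Return why a destination is suspicious, or '' if it is not."""
    if (dst, dport) in ALLOWED_INTERNAL:
        return ""
    addr = ipaddress.ip_address(dst)
    # Order matters: the metadata address is also link-local and private.
    if addr == METADATA_IP:
        return "cloud-metadata endpoint"
    if addr.is_loopback:
        return "loopback (server reaching itself)"
    if addr.is_link_local:
        return "link-local range"
    if addr.is_private:
        return "private range not on the allow-list"
    return ""  # ordinary egress; tighten this if the service should never reach the Internet


def detect(lines: List[str]) -> List[Alert]:
    """Run the check over log lines; unparseable lines are skipped, not fatal."""
    alerts: List[Alert] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["src"] not in SOAP_HOSTS:
            continue
        dport = int(m["dport"])
        reason = classify_destination(m["dst"], dport)
        if reason:
            alerts.append(Alert(m["ts"], m["src"], m["dst"], dport, reason))
    return alerts


# Constructed sample egress log, not real traffic.
SAMPLE_LOG = [
    "2024-03-15T10:00:01Z src=10.0.2.15 dst=10.0.3.20 dport=5432 proto=tcp",
    "2024-03-15T10:00:02Z src=10.0.2.15 dst=169.254.169.254 dport=80 proto=tcp",
    "2024-03-15T10:00:03Z src=10.0.2.15 dst=127.0.0.1 dport=8080 proto=tcp",
    "2024-03-15T10:00:04Z src=10.0.2.15 dst=10.0.0.5 dport=22 proto=tcp",
    "2024-03-15T10:00:05Z src=10.0.9.9 dst=169.254.169.254 dport=80 proto=tcp",
    "garbage line that does not parse",
    "2024-03-15T10:00:06Z src=10.0.2.15 dst=93.184.216.34 dport=443 proto=tcp",
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(f"{alert.ts} {alert.src} -> {alert.dst}:{alert.dport}  {alert.reason}")
```

The allow-list is keyed on host and port so that a database the service legitimately uses does not mask a connection to a different port on the same host. Traffic from hosts that are not SOAP hosts is ignored here because the point is the server's own outbound behaviour; a broader egress policy would cover the other hosts separately.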

Additional Information

If you have any additional questions about this incident, you can use the 'Ask to Analyst' feature, contact SOCRadar directly, or open a support ticket for more information.

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-28752 | Apache CXF up to 3.5.7/3.6.2/4.0.3 Aegis Databinding server-side request forgery (Nessus ID 211909)
vuldb.com, 2024-11-28
A vulnerability was found in Apache CXF up to 3.5.7/3.6.2/4.0.3. It has been rated as critical. Affected by this issue is some unknown functionality of the component Aegis Databinding. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2024-28752.

CVE-2024-28752 | Apache CXF up to 3.5.7/3.6.2/4.0.3 Aegis Databinding server-side request forgery
vuldb.com, 2024-06-11
A vulnerability was found in Apache CXF up to 3.5.7/3.6.2/4.0.3. It has been rated as critical. Affected by this issue is some unknown functionality of the component Aegis Databinding. The manipulation leads to server-side request forgery. This vulnerability is handled as CVE-2024-28752. The attack needs

Social Media

No tweets found for this CVE

Affected Software

No affected software found for this CVE

References

Apache CXF security advisory: https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt
oss-security announcement: http://www.openwall.com/lists/oss-security/2024/03/14/3
NetApp advisory: https://security.netapp.com/advisory/ntap-20240517-0001/

CWE Details

CWE-918 Server-Side Request Forgery (SSRF): The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
