cve/2024/CVE-2024-28752.md

### [CVE-2024-28752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28752)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20CXF&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.0.4%2C%203.6.3%2C%203.5.8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)

### Description

A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/J1ezds/Vulnerability-Wiki-page
- https://github.com/ReaJason/CVE-2024-28752
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/CVE
- https://github.com/Wala-Alnozmai/SVD-Benchmark
- https://github.com/oananbeh/LLM-Java-SVR-Benchmark
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/tanjiti/sec_profile
- https://github.com/ytono/gcp-arcade
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`### [CVE-2024-28752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28752)`
			`![](https://img.shields.io/static/v1?label=Product&message=Apache%20CXF&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.0.4%2C%203.6.3%2C%203.5.8%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)`

			`### Description`

			`A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
Update CVE sources 2025-09-29 16:08 2025-09-29 16:08:36 +00:00			`- https://github.com/J1ezds/Vulnerability-Wiki-page`
			`- https://github.com/ReaJason/CVE-2024-28752`
			`- https://github.com/Threekiii/Awesome-POC`
			`- https://github.com/Threekiii/CVE`
			`- https://github.com/Wala-Alnozmai/SVD-Benchmark`
			`- https://github.com/oananbeh/LLM-Java-SVR-Benchmark`
			`- https://github.com/plzheheplztrying/cve_monitor`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00			`- https://github.com/tanjiti/sec_profile`
Update CVE sources 2024-08-05 18:41 2024-08-05 18:41:32 +00:00			`- https://github.com/ytono/gcp-arcade`
Update Sat May 25 21:48:12 CEST 2024 2024-05-25 21:48:12 +02:00