admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-11-28 18:48:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-28752.md
0xMarcio 1fb02038e8 Update CVE sources 2025-09-29 16:08
2025-09-29 16:08:36 +00:00

26 lines
1.2 KiB
Markdown
Raw Blame History

### [CVE-2024-28752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-28752)
![](https://img.shields.io/static/v1?label=Product&message=Apache%20CXF&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=0%3C%204.0.4%2C%203.6.3%2C%203.5.8%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-918%20Server-Side%20Request%20Forgery%20(SSRF)&color=brighgreen)
### Description
A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/J1ezds/Vulnerability-Wiki-page
- https://github.com/ReaJason/CVE-2024-28752
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/CVE
- https://github.com/Wala-Alnozmai/SVD-Benchmark
- https://github.com/oananbeh/LLM-Java-SVR-Benchmark
- https://github.com/plzheheplztrying/cve_monitor
- https://github.com/tanjiti/sec_profile
- https://github.com/ytono/gcp-arcade
Reference in New Issue View Git Blame Copy Permalink