Platform
java
Component
org.apache.cxf:cxf-rt-databinding-aegis
Fixed in
4.0.4, 3.6.3, 3.5.8
CVE-2024-28752 describes a Server-Side Request Forgery (SSRF) vulnerability discovered in Apache CXF's Aegis DataBinding. This flaw allows attackers to initiate unauthorized requests to internal or external resources, potentially exposing sensitive data or enabling further attacks. The vulnerability affects versions of Apache CXF prior to 4.0.4, 3.6.3, and 3.5.8. A fix is available in version 3.5.8.
The SSRF vulnerability in Apache CXF allows an attacker to craft malicious requests that are processed by the server, effectively using the server as a proxy. This can lead to several severe consequences. Attackers could potentially scan internal networks for exposed services, access sensitive data stored within internal systems, or even interact with cloud provider metadata services to obtain credentials. The blast radius extends to any internal resource accessible via HTTP/HTTPS from the CXF server. Successful exploitation could lead to data breaches, privilege escalation, and complete system compromise. This vulnerability shares similarities with other SSRF exploits where attackers leverage trusted internal connections to bypass security boundaries.
CVE-2024-28752 was publicly disclosed on March 15, 2024. The vulnerability is considered critical due to the potential for significant impact. No public proof-of-concept exploits have been widely reported at the time of writing, but the SSRF nature of the vulnerability makes it likely that exploits will emerge. It is not currently listed on the CISA KEV catalog.
Organizations using Apache CXF for web service integration, particularly those relying on the Aegis DataBinding for data serialization and deserialization, are at risk. This includes applications that process data from external sources without proper validation. Shared hosting environments where multiple applications share the same CXF instance are also particularly vulnerable.
• java / server: ps -ef | grep cxf
• java / server: find / -name "cxf-rt-databinding-aegis*.jar" -print
• generic web: curl -I <affected_cxf_endpoint>
• generic web: grep -r "Aegis DataBinding" /var/log/apache2/access.log
Disclosure
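The `find` command above only lists jar files; deciding whether each one is on a fixed release still has to be done per maintenance branch. The following script is an added example (not part of the advisory or of Apache CXF) that parses the version out of such jar paths, or out of a pom.xml, and compares it with the fixed releases the page names (4.0.4, 3.6.3, 3.5.8). The sample `find` output and pom are constructed. It assumes, beyond what the page states, that branches newer than 4.0 ship the fix and branches older than 3.5 never received it.

```python
"""Triage cxf-rt-databinding-aegis versions against the CVE-2024-28752 fix releases.

Added example, not part of the advisory or of Apache CXF. Takes jar paths as
produced by `find ... -print`, or a pom.xml, extracts the artifact version and
reports whether it predates the fixed release of its branch.
Fixed versions are those stated on the page: 4.0.4, 3.6.3, 3.5.8.
Assumption (not on the page): branches newer than 4.0 contain the fix,
branches older than 3.5 never received it.
"""
import re
import xml.etree.ElementTree as ET

ARTIFACT = "cxf-rt-databinding-aegis"

# Fixed release per maintenance branch, as given in the advisory.
FIXED_BY_BRANCH = {(4, 0): (4, 0, 4), (3, 6): (3, 6, 3), (3, 5): (3, 5, 8)}

# Version embedded in a jar file name, e.g. .../cxf-rt-databinding-aegis-3.5.7.jar
JAR_RE = re.compile(ARTIFACT + r"-(\d+\.\d+\.\d+)[^/]*\.jar$")


def parse_version(text):
    """'3.5.7' or '3.5.7-SNAPSHOT' -> (3, 5, 7); missing components become 0."""
    nums = [int(n) for n in re.findall(r"\d+", text)[:3]]
    return tuple(nums + [0] * (3 - len(nums)))


def is_affected(version):
    """True when this aegis version lacks the CVE-2024-28752 fix."""
    v = parse_version(version)
    fixed = FIXED_BY_BRANCH.get(v[:2])
    if fixed is not None:
        return v < fixed
    return v < (3, 5, 0)  # assumption: older branches unfixed, newer ones fixed


def triage_jar_paths(paths):
    """Map each aegis jar path (e.g. from `find ... -print`) to (version, affected)."""
    results = {}
    for path in paths:
        path = path.strip()
        m = JAR_RE.search(path)
        if m:
            results[path] = (m.group(1), is_affected(m.group(1)))
    return results


def aegis_version_from_pom(pom_xml):
    """Declared version of the aegis dependency in a pom, resolving ${property}
    references from <properties>. Versions inherited from a parent pom or from
    dependencyManagement are not resolved (returns None)."""
    root = ET.fromstring(pom_xml)
    uri = root.tag[1:].split("}")[0] if root.tag.startswith("{") else ""
    q = (lambda tag: f"{{{uri}}}{tag}") if uri else (lambda tag: tag)
    props = {p.tag.split("}")[-1]: (p.text or "").strip()
             for node in root.iter(q("properties")) for p in node}
    for dep in root.iter(q("dependency")):
        if (dep.findtext(q("artifactId")) or "").strip() == ARTIFACT:
            version = (dep.findtext(q("version")) or "").strip()
            ref = re.fullmatch(r"\$\{([^}]+)\}", version)
            return props.get(ref.group(1)) if ref else (version or None)
    return None


# Constructed sample inputs for demonstration; the paths are invented.
SAMPLE_FIND_OUTPUT = """\
/opt/app/lib/cxf-rt-databinding-aegis-3.5.7.jar
/opt/app2/lib/cxf-rt-databinding-aegis-3.6.3.jar
/home/dev/.m2/repository/org/apache/cxf/cxf-rt-databinding-aegis/4.0.2/cxf-rt-databinding-aegis-4.0.2.jar
"""

SAMPLE_POM = """<project xmlns="http://maven.apache.org/POM/4.0.0">
  <properties><cxf.version>3.5.7</cxf.version></properties>
  <dependencies>
    <dependency>
      <groupId>org.apache.cxf</groupId>
      <artifactId>cxf-rt-databinding-aegis</artifactId>
      <version>${cxf.version}</version>
    </dependency>
  </dependencies>
</project>"""

if __name__ == "__main__":
    for path, (ver, bad) in triage_jar_paths(SAMPLE_FIND_OUTPUT.splitlines()).items():
        print(f"{'AFFECTED' if bad else 'fixed   '} {ver}  {path}")
    pom_ver = aegis_version_from_pom(SAMPLE_POM)
    print(f"pom declares {pom_ver}: {'AFFECTED' if is_affected(pom_ver) else 'fixed'}")
```

Feed it the real `find` output (`python3 triage.py < jars.txt` after replacing the sample with `sys.stdin`) and check each application's pom separately: a version pinned through a parent pom or a BOM is reported as None and has to be resolved with `mvn dependency:tree` instead.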
Exploit status
EPSS
0.59% (69th percentile)
CVSS vector
The primary mitigation for CVE-2024-28752 is to upgrade Apache CXF to version 3.5.8 or later, 3.6.3 or later, or 4.0.4 or later. If immediate upgrading is not possible, consider implementing a Web Application Firewall (WAF) to filter outbound requests and block those targeting internal resources. Restrict network access to the CXF server to only necessary services. Carefully review and validate any user-supplied data used in constructing requests to prevent attackers from manipulating the destination URL. Monitor CXF logs for suspicious outbound requests originating from unexpected sources.
Update Apache CXF to version 4.0.4, 3.6.3 or 3.5.8 or later. This fixes the SSRF vulnerability in the Aegis data binding. If you cannot update immediately, consider disabling or avoiding the use of the Aegis data binding.
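The mitigation above asks for validation of any user-influenced data that ends up in an outbound request. The guard below is an added example of such a check, written here in Python for illustration; it is not Apache CXF code, and a CXF application would implement the same rules in Java before its HTTP client connects. It enforces http/https only, no userinfo, an explicit host allowlist, and that every address the host resolves to is globally routable (loopback, RFC 1918, link-local including the 169.254.169.254 metadata address, multicast and reserved ranges are refused). The resolver is injectable so the example runs offline against a constructed DNS table; the host names in that table are invented, and the public addresses in it serve only as examples of globally routable answers.

```python
"""Outbound URL guard against SSRF (added example, not Apache CXF code).

A server-side component that builds an HTTP request from data an untrusted
party can influence calls check_outbound_url() first. In production the
default resolve_all() uses the system resolver; table_resolver() backs the
offline demonstration with constructed DNS answers.
"""
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}


def resolve_all(host):
    """Every A/AAAA address for host via the system resolver."""
    return {info[4][0] for info in socket.getaddrinfo(host, None)}


def is_safe_address(ip_text):
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.1 must be judged as 10.0.0.1
    return ip.is_global and not (
        ip.is_private or ip.is_loopback or ip.is_link_local
        or ip.is_multicast or ip.is_reserved or ip.is_unspecified
    )


def check_outbound_url(url, allowed_hosts, resolver=resolve_all):
    """Return (ok, reason); ok is True only if every check passes."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"
    host = parts.hostname  # lower-cased, IPv6 brackets stripped
    if not host:
        return False, "missing host"
    if host not in allowed_hosts:
        return False, f"host {host!r} not in allowlist"
    try:
        addrs = {str(ipaddress.ip_address(host))}  # literal IP: judge it directly
    except ValueError:
        try:
            addrs = resolver(host)
        except OSError as exc:
            return False, f"resolution failed for {host!r}: {exc}"
    if not addrs:
        return False, f"host {host!r} resolved to no addresses"
    for addr in addrs:
        if not is_safe_address(addr):
            return False, f"host {host!r} resolves to non-public address {addr}"
    return True, "ok"


# Constructed DNS table for offline demonstration: the names are invented and
# the public addresses serve only as examples of globally routable answers.
CONSTRUCTED_DNS = {
    "partner.example.com": {"8.8.8.8"},
    "dual.example.net": {"8.8.4.4", "10.0.0.5"},  # one public, one internal answer
    "meta.example.net": {"169.254.169.254"},
}


def table_resolver(host):
    """Resolver backed by CONSTRUCTED_DNS; unknown names fail like NXDOMAIN."""
    if host not in CONSTRUCTED_DNS:
        raise socket.gaierror(f"constructed NXDOMAIN for {host}")
    return CONSTRUCTED_DNS[host]


if __name__ == "__main__":
    allow = {"partner.example.com", "dual.example.net", "meta.example.net"}
    for u in ("https://partner.example.com/v1/quote",
              "https://dual.example.net/",
              "http://meta.example.net/",
              "http://169.254.169.254/",
              "file:///etc/passwd"):
        print(u, "->", check_outbound_url(u, allow, table_resolver))
```

Two design points matter in practice. A host allowlist alone is not enough, which is why `dual.example.net` is refused: one of its answers is internal. And because this check resolves the name at validation time while the HTTP client resolves it again when connecting, the checked address should be pinned into the connection (or re-checked in a connect hook); network-level egress filtering on the CXF host remains the backstop the mitigation above already recommends.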
CVE-2024-28752 is a critical SSRF vulnerability affecting Apache CXF versions up to 3.5.7, allowing attackers to make unauthorized requests through the Aegis DataBinding.
You are affected if you are using Apache CXF versions 3.5.7 or earlier and utilizing the Aegis DataBinding for data processing.
Upgrade Apache CXF to version 3.5.8 or later to resolve the SSRF vulnerability. Consider temporary workarounds like restricting outbound network access if immediate upgrade is not possible.
While no public exploits are currently available, the SSRF nature of the vulnerability suggests a high likelihood of exploitation in the near future.
Refer to the Apache CXF security page for the latest information and advisory regarding CVE-2024-28752: https://cxf.apache.org/security-advisories.html