Tobias S. Fink

**Name of the Vulnerable Software and Affected Versions** Apache CXF versions prior to 4.0.5 Apache CXF versions prior to 3.6.4 Apache CXF versions prior to 3.5.9 **Description** A SSRF vulnerability in the WADL service description of Apache CXF allows an attacker to perform SSRF style attacks on REST webservices. This issue is related to the incorrect transformation of a stylesheet and can be exploited if a custom stylesheet parameter is configured. **Recommendations** For versions prior to 4.0.5, update to version 4.0.5 or later. For versions prior to 3.6.4, update to version 3.6.4 or later. For versions prior to 3.5.9, update to version 3.5.9 or later. As a temporary workaround, consider disabling the custom stylesheet parameter until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apache CXF versions prior to 4.0.4 Apache CXF versions prior to 3.6.3 Apache CXF versions prior to 3.5.8 **Description** A Server-Side Request Forgery (SSRF) vulnerability in Apache CXF's Aegis DataBinding allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings, including the default databinding, are not impacted. **Recommendations** For Apache CXF versions prior to 4.0.4, update to version 4.0.4 or later. For Apache CXF versions prior to 3.6.3, update to version 3.6.3 or later. For Apache CXF versions prior to 3.5.8, update to version 3.5.8 or later. As a temporary workaround, consider disabling the Aegis DataBinding until a patch is available.