PT-2016-3685 · Apache · Apache Camel

Sim Yih Tsern

Publicado

2016-04-15

Atualizado

2019-05-24

CVE-2015-5348

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache Camel versions 2.6.x through 2.14.x Apache Camel versions 2.15.x before 2.15.5 Apache Camel versions 2.16.x before 2.16.1

Description The issue allows remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request when using camel-jetty or camel-servlet as a consumer in Camel routes.

Recommendations For Apache Camel versions 2.6.x through 2.14.x, update to a version outside of this range to resolve the issue. For Apache Camel versions 2.15.x before 2.15.5, update to version 2.15.5 or later. For Apache Camel versions 2.16.x before 2.16.1, update to version 2.16.1 or later.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-19

Identificadores relacionados

CVE-2015-5348

GHSA-26V6-W6FW-RH94

Produtos afetados

Apache Camel

PT-2016-3685 · Apache · Apache Camel

CVE-2015-5348

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 35