PT-2017-16639 · Apache · Apache Camel

Franz Forsthofer

Publicado

2017-03-16

Atualizado

2019-05-24

CVE-2017-5643

CVSS v3.1

7.4

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Apache Camel versions prior to 2.17.6 Apache Camel versions prior to 2.18.3

Description The Validation Component of Apache Camel is susceptible to Server-Side Request Forgery (SSRF) attacks via remote DTDs and XML External Entities (XXE) due to its evaluation of DTD headers in XML stream sources. This issue does not affect SAX or StAX sources.

Recommendations For Apache Camel version 2.17.x, upgrade to version 2.17.6. For Apache Camel version 2.18.x, upgrade to version 2.18.3.

Correção

SSRF

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-918

Identificadores relacionados

CVE-2017-5643

GHSA-VQ9J-JH62-5HMP

Produtos afetados

Apache Camel

PT-2017-16639 · Apache · Apache Camel

CVE-2017-5643

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 16