PT-2014-3427 · Apache · Apache Camel

Published: 2014-03-20 · Updated: 2023-02-13 · CVE-2014-0003

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Apache Camel versions 2.11.x through 2.11.3
Apache Camel versions 2.12.x through 2.12.2

Description

The issue allows remote attackers to execute arbitrary Java methods via a crafted message, potentially leading to unauthorized access and control. This is related to the XSLT component in Apache Camel.

Recommendations

For Apache Camel versions 2.11.x through 2.11.3, update to version 2.11.4 or later.
For Apache Camel versions 2.12.x through 2.12.2, update to version 2.12.3 or later.

Exploit

Fix

Deserialization of Untrusted Data

Weakness Enumeration

Related Identifiers

CVE-2014-0003
GHSA-H6RP-8V4J-HWPH
RHSA-2014:0245
RHSA-2014:0254

Affected Products

Apache Camel