PT-2015-4551 · Apache · Apache Camel

Stephan Siano · Published 2015-06-03 · Updated 2019-05-24 · CVE-2015-0263

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Apache Camel versions prior to 2.13.4
Apache Camel versions 2.14.x prior to 2.14.2

Description

The issue is related to an XML external entity (XXE) vulnerability in the XML converter setup. This allows remote attackers to read arbitrary files via an external entity in an SAXSource.

Recommendations

For versions prior to 2.13.4, update to version 2.13.4 or later. For versions 2.14.x prior to 2.14.2, update to version 2.14.2 or later.

Fix

XXE


Weakness Enumeration

Related Identifiers

CVE-2015-0263
GHSA-3HRC-F439-727G

Affected Products

Apache Camel