PT-2016-3685 · Apache · Apache Camel

Sim Yih Tsern

Published

2016-04-15

Updated

2019-05-24

CVE-2015-5348

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Apache Camel versions 2.6.x through 2.14.x Apache Camel versions 2.15.x before 2.15.5 Apache Camel versions 2.16.x before 2.16.1

Description The issue allows remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request when using camel-jetty or camel-servlet as a consumer in Camel routes.

Recommendations For Apache Camel versions 2.6.x through 2.14.x, update to a version outside of this range to resolve the issue. For Apache Camel versions 2.15.x before 2.15.5, update to version 2.15.5 or later. For Apache Camel versions 2.16.x before 2.16.1, update to version 2.16.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

CVE-2015-5348

GHSA-26V6-W6FW-RH94

Affected Products

Apache Camel

PT-2016-3685 · Apache · Apache Camel

CVE-2015-5348

Weakness Enumeration

Related Identifiers

Affected Products

References · 35