PT-2017-16639 · Apache · Apache Camel

Franz Forsthofer

Published

2017-03-16

Updated

2019-05-24

CVE-2017-5643

CVSS v3.1

7.4

High

Vector

AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Apache Camel versions prior to 2.17.6 Apache Camel versions prior to 2.18.3

Description The Validation Component of Apache Camel is susceptible to Server-Side Request Forgery (SSRF) attacks via remote DTDs and XML External Entities (XXE) due to its evaluation of DTD headers in XML stream sources. This issue does not affect SAX or StAX sources.

Recommendations For Apache Camel version 2.17.x, upgrade to version 2.17.6. For Apache Camel version 2.18.x, upgrade to version 2.18.3.

Fix

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2017-5643

GHSA-VQ9J-JH62-5HMP

Affected Products

Apache Camel

PT-2017-16639 · Apache · Apache Camel

CVE-2017-5643

Weakness Enumeration

Related Identifiers

Affected Products

References · 16