CVE-2015-0263

Severity

50%

Complexity

99%

Confidentiality

48%

CWE-611: Improper Restriction of XML External Entity Reference ('XXE')

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.

CWE-611: Improper Restriction of XML External Entity Reference ('XXE')

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

Apache Camel

First reported 9 years ago

2015-06-03 20:59:00

Last updated 5 years ago

2019-05-24 11:29:00

Affected Software

Apache Camel 2.14.0

2.14.0

Apache Camel 2.14.1

2.14.1

References

RHSA-2015:1041

Release Notes

RHSA-2015:1538

Release Notes

RHSA-2015:1539

1032442

Third Party Advisory, VDB Entry

https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc

Vendor Advisory

https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36

Patch

[camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html

[camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.