Lucene search

[email protected]CVE-2015-0263

HistoryJun 03, 2015 - 8:59 p.m.

CVE-2015-0263

2015-06-0320:59:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2015-0263

xml

xxe

vulnerability

apache camel

remote attack

arbitrary files

saxsource

9.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.6%

JSON

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.

CPENameOperatorVersion
apache:camelapache cameleq2.14.0
apache:camelapache camelle2.13.3
apache:camelapache cameleq2.14.1

CPE	Name	Operator	Version
apache:camel	apache camel	eq	2.14.0
apache:camel	apache camel	le	2.13.3
apache:camel	apache camel	eq	2.14.1

References

rhn.redhat.com/errata/RHSA-2015-1041.html

rhn.redhat.com/errata/RHSA-2015-1538.html

rhn.redhat.com/errata/RHSA-2015-1539.html

www.securitytracker.com/id/1032442

camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc

git-wip-us.apache.org/repos/asf?p=camel.git%3Ba=commitdiff%3Bh=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36

lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E

lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E

9.2 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.004 Low

EPSS

Percentile

73.6%

JSON

Related for CVE-2015-0263

osv1 cvelist1 prion1 github1 redhat4 ibm2