GoogleOSV:GHSA-H6RP-8V4J-HWPHApache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.61 Medium
EPSS
Percentile
97.7%
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
References
camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc
rhn.redhat.com/errata/RHSA-2014-0245.html
rhn.redhat.com/errata/RHSA-2014-0254.html
rhn.redhat.com/errata/RHSA-2014-0371.html
rhn.redhat.com/errata/RHSA-2014-0372.html
github.com/apache/camel
github.com/apache/camel/commit/483b445dc77487e2d0f3d8c8bf1a7bbab04464c
github.com/apache/camel/commit/c6de749e9b3c7b61861c5480e91550290585224
github.com/apache/camel/commit/e922f89290f236f3107039de61af0375826bd96d
issues.apache.org/jira/browse/CAMEL-7123
lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E
lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2014-0003
web.archive.org/web/20200229061309/www.securityfocus.com/bid/65902
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.61 Medium
EPSS
Percentile
97.7%