GoogleOSV:GHSA-MHX2-R3JX-G94CApache Camel allows remote actor to read arbitrary files via external entity in invalid XML string or GenericFile object
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.009 Low
EPSS
Percentile
82.8%
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
References
rhn.redhat.com/errata/RHSA-2015-1041.html
rhn.redhat.com/errata/RHSA-2015-1538.html
rhn.redhat.com/errata/RHSA-2015-1539.html
securitytracker.com/id/1032442
camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc
git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=1df559649a96a1ca0368373387e542f46e4820da
github.com/advisories/GHSA-mhx2-r3jx-g94c
github.com/apache/camel
github.com/apache/camel/commit/7360aada5154434c68774aa30e0f21ddc5f27b9f
github.com/apache/camel/commit/b47b51a195b38e7ab7c099d19910af70a16638f6
issues.apache.org/jira/browse/CAMEL-8312
lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
nvd.nist.gov/vuln/detail/CVE-2015-0264
Related
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.009 Low
EPSS
Percentile
82.8%