Lucene search

14 matches found

Github Security Blog
added 2026/04/27 9:34 a.m., 12 views

Apache Camel has an incomplete fix for CVE-2025-27636

The fix for CVE-2025-27636 added setLowerCase(true) to HttpHeaderFilterStrategy so that case-variant header names such as 'CAmelExecCommandExecutable' are filtered out alongside 'CamelExecCommandExecutable'. The same setLowerCase(true) call was not applied to five non-HTTP HeaderFilterStrategy...

CVSS 9.9, AI score 7.7, EPSS 0.79817
Exploits: 3, References: 10, Affected Software: 4

Positive Technologies
added 2026/04/27 12:0 a.m., 15 views

PT-2026-35370

Name of the Vulnerable Software and Affected Versions: Apache Camel versions 3.0.0 through 4.14.5; Apache Camel versions 4.15.0 through 4.18.1; Apache Camel versions 4.19.0 through 4.19.x. Description: Certain non-HTTP HeaderFilterStrategy implementations, specifically JmsHeaderFilterStrategy and...

CVSS 9.9, AI score 6.5, EPSS 0.0086
Exploits: 0, References: 21

RedHat Linux
added 2025/03/20 3:47 p.m., 16 views

Moderate: Red Hat Security Advisory: Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 update is now available (RHBQ 3.15.3.SP2)

An update for Red Hat Build of Apache Camel 4.8 for Quarkus 3.15 update is now available RHBQ 3.15.3.SP2. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Red Hat Product...

CVSS 5.6, AI score 7, EPSS 0.79817
Exploits: 3, References: 3

F5 Networks
added 2025/03/19 2:32 p.m., 22 views

K000150458: Apache Camel vulnerability CVE-2025-27636

Security Advisory Description: Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10...

CVSS 5.6, AI score 6.6, EPSS 0.79817
Exploits: 3

Tenable Nessus
added 2025/03/18 12:0 a.m., 21 views

Apache Camel 3.10.0 < 3.22.4 / 4.8.x < 4.8.5 / 4.10.x < 4.10.2 Message Header Injection (CVE-2025-27636)

The version of Apache Camel on the remote host is 3.10.0 prior to 3.22.4, 4.8.x prior to 4.8.5, or 4.10.x prior to 4.10.2. It is, therefore, affected by a message header injection vulnerability: - Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue...

CVSS 5.6, AI score 7.1, EPSS 0.79817
Exploits: 3, References: 2

Imperva Blog
added 2025/03/14 5:16 p.m., 25 views

Imperva Protects Against the Apache Camel Vulnerabilities

Introduction: Understanding the Apache Camel Flaw On March 9, 2025, Apache released a security advisory for CVE-2025-27636, a vulnerability in the Apache Camel framework that allows attackers to bypass header filtering via miscased headers. Although rated as moderate, this vulnerability...

CVSS 5.6, AI score 5.7, EPSS 0.79817
Exploits: 4

vulnersOsv
added 2025/03/12 3:32 p.m., 6 views

br.com.senior:crm-http-camel-api (>=0.0.2-alpha <=0.0.81-alpha), br.com.senior:novasoft-http-camel-api (>=0.0.3-alpha <=0.0.93-alpha) +3130 more potentially affected by CVE-2025-27636 +1 more via org.apache.camel:camel-support (>=3.10.0 <=3.22.3)

org.apache.camel:camel-support MAVEN version =3.10.0, =0.0.2-alpha, =0.0.3-alpha, =0.0.1-alpha, =1.0.0, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =0.0.1-alpha, =18.4.0, =18.4.0, =24.17.0 - com.approvaltests:approvaltests-util-tests =18.4.0 and more Source...

CVSS 5.6, AI score 7, EPSS 0.79817
Exploits: 4

Github Security Blog
added 2025/03/12 3:32 p.m., 21 views

Apache Camel Message Header Injection through request parameters

Bypass/Injection vulnerability in Apache Camel. This issue affects Apache Camel: from 4.9.0 before 4.10.2, from 4.0.0 before 4.8.5, from 3.10.0 before 3.22.4. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS and 3.22.4 for 3.x releases. This vulnerability is...

CVSS 4.8, AI score 4.8, EPSS 0.71999
Exploits: 2, References: 8, Affected Software: 1

Akamai Blog
added 2025/03/11 4:0 p.m., 32 views

Detecting and Mitigating the Apache Camel Vulnerabilities

Akamai researchers have created detection scripts and additional details for the Apache Camel vulnerabilities CVE-2025-27636 and CVE-2025-29891...

CVSS 5.6, AI score 5.7, EPSS 0.79817
Exploits: 3

NVD
added 2025/03/09 1:15 p.m., 72 views

CVE-2025-27636

Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS an...

CVSS 5.6, EPSS 0.79817
Exploits: 3, References: 6

vulnersOsv
added 2025/03/09 12:43 p.m., 7 views

com.github.camel-tooling:camel-lsp-server (>=1.25.0 <=1.28.0), com.solace.connector.core.io:spring-cloud-stream-binder-camel (=1.0.0) +2123 more potentially affected by CVE-2025-27636 via org.apache.camel:camel-support (>=4.8.0 <=4.8.4)

org.apache.camel:camel-support MAVEN version =4.8.0, =1.25.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =0.0.1, =0.37.0, =0.38.0 and more Source cves: CVE-2025-27636 Source advisory: SNYK:JAVA-ORGAPACHECAMEL-9376919...

CVSS 5.6, AI score 7, EPSS 0.79817
Exploits: 3

Vulnrichment
added 2025/03/09 12:9 p.m., 23 views

CVE-2025-27636 Apache Camel: Camel Message Header Injection via Improper Filtering

Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS an...

AI score 5.1, EPSS 0.79817
Exploits: 3, References: 3

Cvelist
added 2025/03/09 12:9 p.m., 33 views

CVE-2025-27636 Apache Camel: Camel Message Header Injection via Improper Filtering

Bypass/Injection vulnerability in Apache Camel components under particular conditions. This issue affects Apache Camel: from 4.10.0 through <= 4.10.1, from 4.8.0 through <= 4.8.4, from 3.10.0 through <= 3.22.3. Users are recommended to upgrade to version 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS an...

EPSS 0.79817
Exploits: 3, References: 3

GithubExploit
added 2025/03/09 9:42 a.m., 602 views

Exploit for Improper Handling of Case Sensitivity in Apache Camel

PoC exploit for CVE-2025-27636, an Apache Camel vulnerability. T...

CVSS 5.6, AI score 7.4, EPSS 0.79817
Exploits: 3