Lucene search
RootSSV:61629HistoryMar 04, 2014 - 12:00 a.m.
Apache Camel远程代码执行漏洞(CVE-2014-0003)
2014-03-0400:00:00
Root
www.seebug.org
17
0.61 Medium
EPSS
Percentile
97.5%
BUGTRAQ ID: 65902
CVE(CAN) ID: CVE-2014-0003
Apache Camel是基于已知的企业级集成模式上的开源集成框架。
Apache Camel 2.11.0-2.11.3、Apache Camel 2.12.0-2.12.2版本的XSLT组件允许XSL样式表调用外部Java方法。可以向xslt Camel例程提交消息的远程攻击者,利用此漏洞可在Camel服务器进程上下文中执行任意远程代码。
0
Apache Group Camel < 2.12.3
Apache Group Camel < 2.11.4
厂商补丁:
Apache Group
Apache Group已经为此发布了一个安全公告(CVE-2014-0003)以及相应补丁:
CVE-2014-0003:CVE-2014-0003: Apache Camel critical disclosure vulnerability
链接:http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc
Related
github
github
checkpoint_advisories
checkpoint_advisories
Apache Camel XSLT Component Java Code Execution (CVE-2014-0003)
2014-10-22 00:00:00
osv
osv
prion
prion
Design/Logic Flaw
2014-03-21 04:38:00
ubuntucve
ubuntucve
CVE-2014-0003
2014-03-21 00:00:00
cve
cve
CVE-2014-0003
2014-03-21 04:38:00
redhat
redhat
(RHSA-2014:0323) Important: Red Hat JBoss Fuse/A-MQ 6.0.0 security update
2014-03-24 17:55:48
(RHSA-2014:0254) Important: activemq security update
2014-03-05 00:00:00
(RHSA-2014:0245) Important: activemq security update
2014-03-03 00:00:00
nessus
nessus
RHEL 6 : activemq (RHSA-2014:0245)
2018-12-04 00:00:00
RHEL 6 : activemq (RHSA-2014:0254)
2018-12-04 00:00:00