CVE-2015-0263

Published: 03/06/2015 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel prior to 2.13.4 and 2.14.x prior to 2.14.2 allows remote malicious users to read arbitrary files via an external entity in an SAXSource.

Vulnerable Product

apache camel 2.14.0

apache camel

apache camel 2.14.1

Vendor Advisories

It was found that Apache Camel's XML converter performed XML External Entity (XXE) expansion. A remote attacker able to submit an SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks ...