Published: 03/06/2015 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel prior to 2.13.4 and 2.14.x prior to 2.14.2 allow remote malicious users to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apache camel 2.14.0
apache camel
apache camel 2.14.1

It was found that Apache Camel performed XML External Entity (XXE) expansion when evaluating invalid XML Strings or invalid XML GenericFile objects A remote attacker able to submit a crafted XML message could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks ...

NVD-CWE-Other https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc http://securitytracker.com/id/1032442 http://rhn.redhat.com/errata/RHSA-2015-1041.html http://rhn.redhat.com/errata/RHSA-2015-1538.html http://rhn.redhat.com/errata/RHSA-2015-1539.html https://git-wip-us.apache.org/repos/asf?p=camel.git%3Ba=commitdiff%3Bh=1df559649a96a1ca0368373387e542f46e4820da https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-0264

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-0264

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect