CVE-2015-5348

Published: 15/04/2016 Updated: 24/05/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apache Camel 2.6.x up to and including 2.14.x, 2.15.x prior to 2.15.5, and 2.16.x prior to 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote malicious users to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

Vulnerable Products

apache camel 2.6.0
apache camel 2.7.0
apache camel 2.7.1
apache camel 2.7.2
apache camel 2.7.3
apache camel 2.7.4
apache camel 2.7.5
apache camel 2.8.0
apache camel 2.8.1
apache camel 2.8.2
apache camel 2.8.3
apache camel 2.8.4
apache camel 2.8.5
apache camel 2.8.6
apache camel 2.9.0
apache camel 2.9.1
apache camel 2.9.2
apache camel 2.9.3
apache camel 2.9.4
apache camel 2.9.5
apache camel 2.9.6
apache camel 2.9.7
apache camel 2.9.8
apache camel 2.10.0
apache camel 2.10.1
apache camel 2.10.2
apache camel 2.10.3
apache camel 2.10.4
apache camel 2.10.5
apache camel 2.10.6
apache camel 2.10.7
apache camel 2.11.0
apache camel 2.11.1
apache camel 2.11.2
apache camel 2.11.3
apache camel 2.11.4
apache camel 2.12.0
apache camel 2.12.1
apache camel 2.12.2
apache camel 2.12.3
apache camel 2.12.4
apache camel 2.12.5
apache camel 2.13.0
apache camel 2.13.1
apache camel 2.13.2
apache camel 2.13.3
apache camel 2.13.4
apache camel 2.14.0
apache camel 2.14.1
apache camel 2.14.2
apache camel 2.14.3
apache camel 2.14.4
apache camel 2.15.0
apache camel 2.15.1
apache camel 2.15.2
apache camel 2.15.3
apache camel 2.15.4
apache camel 2.16.0

Vendor Advisories

It was found that Apache Camel's Jetty/Servlet usage is vulnerable to a Java object de-serialisation vulnerability. If using camel-jetty or camel-servlet as a consumer in Camel routes, Camel will automatically de-serialize HTTP requests that use the content header application/x-java-serialized-object ...

Github Repositories

The cheat sheet about Java Deserialization vulnerabilities

Java-Deserialization-Cheat-Sheet: A cheat sheet for pentesters and researchers about deserialization vulnerabilities in various Java (JVM) serialization libraries. Please use the #javadeser hash tag for tweets. Table of content: Java Native Serialization (binary); Overview; Main talks & presentations & docs; Payload generators; Exploits; Detect; Vulnerable apps (without

Compiled dataset of Java deserialization CVEs

Java-Deserialization-CVEs: This is a dataset of CVEs related to Java Deserialization. Since existing CVE databases do not allow for granular searches by vulnerability type and language, this list was compiled by manually searching the NIST NVD CVE database with different queries. If you notice any discrepancies, contributions are very welcome! CVE ID Year CVSS 3/31 risk CV