5

CVE-2015-0263

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheCamel Version <= 2.13.3
ApacheCamel Version2.14.0
ApacheCamel Version2.14.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 7.53% 0.937
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E
http://rhn.redhat.com/errata/RHSA-2015-1041.html
Release Notes
http://rhn.redhat.com/errata/RHSA-2015-1538.html
Release Notes
http://rhn.redhat.com/errata/RHSA-2015-1539.html
http://www.securitytracker.com/id/1032442
Third Party Advisory
VDB Entry
https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc
Vendor Advisory
https://git-wip-us.apache.org/repos/asf?p=camel.git%3Ba=commitdiff%3Bh=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36