8.1

CVE-2015-5348

Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheCamel Version2.6.0
ApacheCamel Version2.7.0
ApacheCamel Version2.7.1
ApacheCamel Version2.7.2
ApacheCamel Version2.7.3
ApacheCamel Version2.7.4
ApacheCamel Version2.7.5
ApacheCamel Version2.8.0
ApacheCamel Version2.8.1
ApacheCamel Version2.8.2
ApacheCamel Version2.8.3
ApacheCamel Version2.8.4
ApacheCamel Version2.8.5
ApacheCamel Version2.8.6
ApacheCamel Version2.9.0
ApacheCamel Version2.9.1
ApacheCamel Version2.9.2
ApacheCamel Version2.9.3
ApacheCamel Version2.9.4
ApacheCamel Version2.9.5
ApacheCamel Version2.9.6
ApacheCamel Version2.9.7
ApacheCamel Version2.9.8
ApacheCamel Version2.10.0
ApacheCamel Version2.10.1
ApacheCamel Version2.10.2
ApacheCamel Version2.10.3
ApacheCamel Version2.10.4
ApacheCamel Version2.10.5
ApacheCamel Version2.10.6
ApacheCamel Version2.10.7
ApacheCamel Version2.11.0
ApacheCamel Version2.11.1
ApacheCamel Version2.11.2
ApacheCamel Version2.11.3
ApacheCamel Version2.11.4
ApacheCamel Version2.12.0
ApacheCamel Version2.12.1
ApacheCamel Version2.12.2
ApacheCamel Version2.12.3
ApacheCamel Version2.12.4
ApacheCamel Version2.12.5
ApacheCamel Version2.13.0
ApacheCamel Version2.13.1
ApacheCamel Version2.13.2
ApacheCamel Version2.13.3
ApacheCamel Version2.13.4
ApacheCamel Version2.14.0
ApacheCamel Version2.14.1
ApacheCamel Version2.14.2
ApacheCamel Version2.14.3
ApacheCamel Version2.14.4
ApacheCamel Version2.15.0
ApacheCamel Version2.15.1
ApacheCamel Version2.15.2
ApacheCamel Version2.15.3
ApacheCamel Version2.15.4
ApacheCamel Version2.16.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 6.37% 0.928
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E
http://rhn.redhat.com/errata/RHSA-2016-2035.html
http://camel.apache.org/security-advisories.data/CVE-2015-5348.txt.asc
Vendor Advisory
http://packetstormsecurity.com/files/134946/Apache-Camel-Java-Object-Deserialization.html
http://www.securityfocus.com/archive/1/537147/100/0/threaded
http://www.securityfocus.com/bid/80696
https://issues.apache.org/jira/browse/CAMEL-9309
Vendor Advisory