XML External Entity Vulnerability in Apache Camel Software
CVE-2015-0263
Currently unrated
Summary
An XML external entity (XXE) vulnerability exists in the XML converter of Apache Camel, in converter/jaxp/XmlConverter.java. The flaw lets remote attackers read arbitrary files from the server through an external entity in a SAXSource. In versions before 2.13.4 and 2.14.2, an attacker can craft a malicious XML document that leads to unauthorized file access, exposing sensitive information and potentially allowing further system exploitation.
References
Timeline
Vulnerability published
Vulnerability Reserved