XML External Entity Vulnerabilities in Apache Camel
CVE-2015-0264

Currently unrated

Key Information:

Vendor: Apache
Status: Camel
Vendor: CVE Published:; 3 June 2015

Summary

Multiple XML External Entity (XXE) vulnerabilities exist in Apache Camel's XPath processing. These vulnerabilities allow remote attackers to exploit improperly handled XML inputs, which may enable them to read arbitrary files on the server. The exploitation occurs through the manipulation of external entities in invalid XML structures, specifically within String or GenericFile objects. Affected users should update to the latest versions to mitigate these security risks.

References

http://rhn.redhat.com/errata/RHSA-2015-1539.html

vendor-advisoryx_refsource_REDHAT

http://securitytracker.com/id/1032442

vdb-entryx_refsource_SECTRACK

https://git-wip-us.apache.org/repos/asf?p=camel.git%3Ba=c...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 3, 2015
Vulnerability Reserved
Nov 18, 2014