CVE-2015-0264

Currently unrated

Key Information:

Vendor: Apache
Status: Camel
Vendor: CVE Published:; 3 June 2015

Summary

Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.

References

http://rhn.redhat.com/errata/RHSA-2015-1539.html

vendor-advisoryx_refsource_REDHAT

http://securitytracker.com/id/1032442

vdb-entryx_refsource_SECTRACK

https://git-wip-us.apache.org/repos/asf?p=camel.git%3Ba=c...

x_refsource_CONFIRM

Timeline

Vulnerability published
Jun 3, 2015
Vulnerability Reserved
Nov 18, 2014