Remote Command Execution Vulnerability in Apache Camel Component
CVE-2015-5344

9.8CRITICAL

Key Information:

Vendor: Apache
Status: Camel
Vendor: CVE Published:; 3 February 2016

🔔 Create Apache Vulnerability Alert

What is CVE-2015-5344?

The camel-xstream component within Apache Camel, prior to versions 2.15.5 and 2.16.1, is susceptible to a vulnerability that could allow remote attackers to execute arbitrary code. This can occur through the exploitation of crafted serialized Java objects sent via HTTP requests, which poses significant risks to system integrity and confidentiality.

References

http://rhn.redhat.com/errata/RHSA-2016-2035.html

vendor-advisoryx_refsource_REDHAT

http://camel.apache.org/security-advisories.data/CVE-2015...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/82260

vdb-entryx_refsource_BID

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 3, 2016
Vulnerability Reserved
Jul 1, 2015

.

CVE-2015-5344 : Remote Command Execution Vulnerability in Apache Camel Component