CVE-2015-5348

8.1HIGH

Key Information:

Vendor: Apache
Status: Camel
Vendor: CVE Published:; 15 April 2016

Summary

Apache Camel 2.6.x through 2.14.x, 2.15.x before 2.15.5, and 2.16.x before 2.16.1, when using (1) camel-jetty or (2) camel-servlet as a consumer in Camel routes, allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.

References

http://packetstormsecurity.com/files/134946/Apache-Camel-...

x_refsource_MISC

http://rhn.redhat.com/errata/RHSA-2016-2035.html

vendor-advisoryx_refsource_REDHAT

http://camel.apache.org/security-advisories.data/CVE-2015...

x_refsource_CONFIRM

CVSS V3.1

Score:

8.1

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 15, 2016
Vulnerability Reserved
Jul 1, 2015

.