CVE-2017-5643

7.4HIGH

Key Information:

Vendor
Apache
Status
Apache Camel
Vendor
CVE Published:
16 March 2017

Summary

Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.

Affected Version(s)

Apache Camel 2.17.0 to 2.17.5

Apache Camel 2.18.0 to 2.18.2

Apache Camel The unsupported Camel 2.x (2.16 and earlier) versions may be also affected.

References

http://www.securityfocus.com/bid/97226
vdb-entryx_refsource_BID
https://access.redhat.com/errata/RHSA-2017:1832
vendor-advisoryx_refsource_REDHAT
http://camel.apache.org/security-advisories.data/CVE-2017...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.4
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.