CVE-2015-0264
Published Jun 3, 2015
Last updated a year ago
Overview
- Description
- Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
- Source
- secalert@redhat.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Evaluator
- Comment
- <a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>
- Impact
- -
- Solution
- -
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3E65DC32-33D4-46FB-97AD-0ACF0DDF6E00",
"versionEndIncluding": "2.13.3"
},
{
"criteria": "cpe:2.3:a:apache:camel:2.14.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BF8F319C-1212-4787-A1E8-15D576527EF2"
},
{
"criteria": "cpe:2.3:a:apache:camel:2.14.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "17E12D85-196F-4723-A4EC-7DC900087AC5"
}
],
"operator": "OR"
}
]
}
]