CVE-2017-5643

Published Mar 16, 2017

Last updated 3 months ago

CVSS high 7.4

Overview

Description: Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
Source: security@apache.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 7.4
Impact score: 4
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5.8
Impact score: 4.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-918

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D87B102-960B-420E-A7BE-C5C8D26DD55D",
            "versionEndIncluding": "2.16.0"
          },
          {
            "criteria": "cpe:2.3:a:apache:camel:2.17.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4057EE83-770C-4448-A020-3ADBA340B01E"
          },
          {
            "criteria": "cpe:2.3:a:apache:camel:2.17.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CE7AA4A-DCC5-4074-9509-A24FAB558527"
          },
          {
            "criteria": "cpe:2.3:a:apache:camel:2.17.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A8DB9E52-C5B3-469B-8C04-B2DFDF6199D5"
          },
          {
            "criteria": "cpe:2.3:a:apache:camel:2.17.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD84467E-AAC5-4147-A295-75BA169B1318"
          },
          {
            "criteria": "cpe:2.3:a:apache:camel:2.17.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A427238F-0D26-44AF-90A7-394A14B185FE"
          },
          {
            "criteria": "cpe:2.3:a:apache:camel:2.17.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9E8EEB54-1119-45C2-87BD-2DEF87E859FF"
          },
          {
            "criteria": "cpe:2.3:a:apache:camel:2.18.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "706C1A6D-2C4D-4A8F-BB64-4E36954CB0B7"
          },
          {
            "criteria": "cpe:2.3:a:apache:camel:2.18.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC9C31F3-91A7-4BBF-B5FA-44C2C008A71F"
          },
          {
            "criteria": "cpe:2.3:a:apache:camel:2.18.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE52612C-5EE4-4333-A09A-03403565A480"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References