cbcvebase.
CVE-2014-0002
published 2014-03-21

CVE-2014-0002: The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified…

PriorityP358high7.5CVSS 2.0
AVNACLAuNCPIPAP
EPSS
32.54%
98.1th percentile
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Affected

33 ranges· showing 25
VendorProductVersion rangeFixed in
apachecamel<= 2.11.3
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel
apachecamel

CVSS provenance

nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vendor_apache7.5CRITICAL
vendor_redhat7.5HIGH
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.