Severity
7.5 HIGH
EPSS
28.7%
top 3.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 21
Latest update: Dec 16

Description

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P
Exploitability: 10.0 | Impact: 6.4

Affected Packages: 2 packages

Maven | org.apache.camel:camel-core | 2.12.0 | 2.12.3 | +1
NVD | apache/camel | 2.11.3 | +27

🔴Vulnerability Details

4
OSV
mm/mempool: fix poisoning order>0 pages with HIGHMEM (2025-12-16)
GHSA
Apache Camel's XSLT component allows remote attackers to read arbitrary files (2018-10-16)
OSV
Apache Camel's XSLT component allows remote attackers to read arbitrary files (2018-10-16)
CVEList
CVE-2014-0002: The XSLT component in Apache Camel before 2 (2014-03-20)

💥Exploits & PoCs

2
Exploit-DB
Android WiFi-Direct - Denial of Service (2015-01-26)
Exploit-DB
Oracle VM VirtualBox - 3D Acceleration Multiple Vulnerabilities (2014-03-12)

📋Vendor Advisories

5
Red Hat
kernel: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race (2024-10-29)
Red Hat
kernel: media: vivid: fix compose size exceed boundary (2024-09-23)
Red Hat
kernel: RDMA/srp: Set scmnd->result only when scmnd is not NULL (2024-05-03)
Red Hat
Camel: XML eXternal Entity (XXE) flaw in XSLT component (2014-02-28)
Apache
Apache camel: CVE-2014-0002

🕵️Threat Intelligence

1
Wiz
CVE-2025-68231 Impact, Exploitability, and Mitigation Steps | Wiz

💬Community

4
Bugzilla
CVE-2014-8092 xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests (2014-11-27)
Bugzilla
CVE-2004-2771 CVE-2014-7844 mailx: command execution flaw (2014-11-11)
Bugzilla
CVE-2014-0009 moodle: group constraint checking issue for loginas (MSA-14-0002) (2014-01-13)
Bugzilla
CVE-2014-0002 Camel: XML eXternal Entity (XXE) flaw in XSLT component (2014-01-08)
CVE-2014-0002 (HIGH CVSS 7.5) | The XSLT component in Apache Camel | cvebase.io