CVE-2014-0003 — Deserialization of Untrusted Data in Apache Camel

CWE-264 CWE-502 — Deserialization of Untrusted Data12 documents8 sources

Severity

7.5HIGHNVD

EPSS

23.0%

top 4.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Camel

Timeline

PublishedMar 21

Latest updateOct 16

Description

The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDapache/camel2.11.3+27

🔴Vulnerability Details

OSV

Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods↗2018-10-16

▶

GHSA

Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods↗2018-10-16

▶

CVEList

CVE-2014-0003: The XSLT component in Apache Camel 2↗2014-03-20

▶

💥Exploits & PoCs

Exploit-DB

FreeBSD - Multiple Vulnerabilities↗2015-01-29

▶

Exploit-DB

SAP Router - Timing Attack Password Disclosure↗2014-04-17

▶

📋Vendor Advisories

Red Hat

Camel: remote code execution via XSL↗2014-02-28

▶

Apache

Apache camel: CVE-2014-0003↗

▶

💬Community

Bugzilla

CVE-2014-8092 xorg-x11-server: integer overflow in X11 core protocol requests when calculating memory needs for requests↗2014-11-27

▶

Bugzilla

CVE-2004-2771 CVE-2014-7844 mailx: command execution flaw↗2014-11-11

▶

Bugzilla

CVE-2014-0010 moodle: Cross-Site Request Forgery (CSRF) flaws in profile fields (MSA-14-0003)↗2014-01-13

▶

Bugzilla

CVE-2014-0003 Camel: remote code execution via XSL↗2014-01-08

▶