CVE-2015-0263

CWE-611 — XML External Entity (XXE)7 documents7 sources

Severity

5.0MEDIUM

EPSS

2.6%

top 14.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Camel

Timeline

PublishedJun 3

Latest updateOct 16

Description

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Mavenorg.apache.camel:camel-core2.14.0 — 2.14.2+1

▶NVDapache/camel2.13.3+2

🔴Vulnerability Details

GHSA

Apache Camel XML External Entity vulnerability↗2018-10-16

▶

OSV

Apache Camel XML External Entity vulnerability↗2018-10-16

▶

CVEList

CVE-2015-0263: XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter↗2015-06-03

▶

📋Vendor Advisories

Red Hat

Camel: XXE in via SAXSource expansion↗2015-03-17

▶

Apache

Apache camel: CVE-2015-0263↗

▶

💬Community

Bugzilla

CVE-2015-0263 Camel: XXE in via SAXSource expansion↗2015-03-18

▶