CVE-2015-5344

Severity: 9.8 CRITICAL
EPSS: 5.0% (top 10.31%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Feb 3, 2016
Latest update: Oct 16, 2018

Description

The camel-xstream component in Apache Camel before 2.15.5, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. The component hands the request body to XStream for deserialization, and an XStream instance with no type restrictions instantiates whatever class the XML names, so an attacker controls which classes are constructed on the server. Fixed in 2.15.5 and 2.16.1.
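The deserialization pattern behind this CVE and its mitigation, as an added example that is not code from the cvebase page or from the Apache Camel project. It uses XStream directly rather than Camel's XStream data format, assumes XStream 1.4.7 or later (where the addPermission/allowTypes API exists), and uses a hypothetical Order DTO with constructed sample messages; no gadget chain or real payload is included.

```java
// Added example, not from the cvebase page or the Apache Camel code base.
// Assumes XStream 1.4.7+ (type-permission API) on the classpath.
import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.ForbiddenClassException;
import com.thoughtworks.xstream.security.NoTypePermission;
import com.thoughtworks.xstream.security.NullPermission;
import com.thoughtworks.xstream.security.PrimitiveTypePermission;

public class XStreamAllowlistDemo {

    /** Hypothetical DTO that the endpoint legitimately expects (assumption). */
    public static class Order {
        public String sku;
        public int quantity;
    }

    /**
     * Vulnerable pattern: an unrestricted XStream instance resolves the root
     * element name to a class and instantiates it, so the untrusted XML,
     * not the application, chooses the type.
     */
    public static Object unsafeFromXml(String xml) {
        XStream xs = new XStream();
        xs.alias("order", Order.class);
        return xs.fromXML(xml);
    }

    /**
     * Hardened pattern: start from "deny all", then allow only the types this
     * endpoint actually needs. Anything else is rejected before instantiation.
     */
    public static Object hardenedFromXml(String xml) {
        XStream xs = new XStream();
        xs.alias("order", Order.class);
        xs.addPermission(NoTypePermission.NONE);              // deny every type by default
        xs.addPermission(NullPermission.NULL);                // permit null values
        xs.addPermission(PrimitiveTypePermission.PRIMITIVES); // permit int, boolean, ...
        xs.allowTypes(new Class[] { Order.class, String.class });
        return xs.fromXML(xml);
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not real payloads.
        String expected = "<order><sku>ABC-123</sku><quantity>2</quantity></order>";
        // Names a JDK class the endpoint never declared. Harmless here, but it
        // shows that the XML picks the class that gets constructed.
        String unexpected = "<java.util.ArrayList/>";

        Order o = (Order) hardenedFromXml(expected);
        System.out.println("hardened, expected type: sku=" + o.sku + " qty=" + o.quantity);

        Object any = unsafeFromXml(unexpected);
        System.out.println("unrestricted: instantiated " + any.getClass().getName());

        try {
            hardenedFromXml(unexpected);
            System.out.println("hardened: unexpectedly accepted " + unexpected);
        } catch (ForbiddenClassException e) {
            System.out.println("hardened: rejected " + e.getMessage());
        }
    }
}
```

Two caveats for anyone reproducing this. On XStream 1.4.18 and later, `new XStream()` already applies a restrictive default allowlist, so the unrestricted branch reflects the behaviour of the older XStream releases that Camel 2.15/2.16 shipped with; the point of the hardened branch is that the application names its expected types explicitly instead of relying on library defaults. In Camel itself, the fixed releases expose equivalent allowlisting through the XStream data format's `permissions` option (a leading `-*` deny-all rule followed by the packages or classes to allow); check the Camel documentation for your release for the exact syntax.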

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

Maven  org.apache.camel:camel-xstream  2.16.0 → 2.16.1  (+1)
NVD    apache/camel                    2.15.4           (+1)

🔴 Vulnerability Details (3)

OSV      Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands   2018-10-16
GHSA     Camel-xstream component in Apache Camel can allow remote attackers to execute arbitrary commands   2018-10-16
CVEList  CVE-2015-5344: The camel-xstream component in Apache Camel before 2…   2016-02-03

💥 Exploits & PoCs (1)

Exploit-DB  Magento eCommerce - Remote Code Execution (a Magento exploit; the page lists no exploit for camel-xstream itself)   2015-08-26

📋 Vendor Advisories (2)

Red Hat  camel-xstream: Java object de-serialization vulnerability leads to RCE   2015-11-06
Apache   Apache Camel: CVE-2015-5344

💬 Community (1)

Bugzilla  CVE-2015-5344 camel-xstream: Java object de-serialization vulnerability leads to RCE   2016-02-01