CVE-2017-5643

CWE-918 — Server-Side Request Forgery (SSRF)7 documents7 sources

Severity

7.4HIGH

EPSS

1.4%

top 19.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Camel Apache Software Foundation Apache Camel

Timeline

PublishedMar 16

Latest updateOct 16

Description

Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:NExploitability: 2.8 | Impact: 4.0

Affected Packages3 packages

▶Mavenorg.apache.camel:camel-core2.18.0 — 2.18.2+1

▶NVDapache/camel2.16.0+9

▶CVEListV5apache_software_foundation/apache_camel2.17.0 to 2.17.5, 2.18.0 to 2.18.2, The unsupported Camel 2.x (2.16 and earlier) versions may be also affected.+2

🔴Vulnerability Details

OSV

Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.↗2018-10-16

▶

GHSA

Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.↗2018-10-16

▶

CVEList

CVE-2017-5643: Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE↗2017-03-16

▶

📋Vendor Advisories

Red Hat

camel-core: Validation component vulnerable to SSRF via remote DTDs and XXE↗2017-02-24

▶

Apache

Apache camel: CVE-2017-5643↗

▶

💬Community

Bugzilla

CVE-2017-5643 camel-core: Validation component vulnerable to SSRF via remote DTDs and XXE↗2017-03-17

▶