Description

Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.

Remediation

References

http://rhn.redhat.com/errata/RHSA-2015-1041.html

http://rhn.redhat.com/errata/RHSA-2015-1538.html

http://rhn.redhat.com/errata/RHSA-2015-1539.html

http://securitytracker.com/id/1032442

https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc

https://git-wip-us.apache.org/repos/asf?p=camel.git%3Ba=commitdiff%3Bh=1df559649a96a1ca0368373387e542f46e4820da

https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E

https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E

Related Vulnerabilities

CVE-2020-2091 Vulnerability in maven package org.jenkins-ci.plugins:ec2

CVE-2015-1833 Vulnerability in maven package org.apache.jackrabbit:jackrabbit-webdav

CVE-2023-24998 Vulnerability in maven package org.apache.tomcat:tomcat-catalina

CVE-2023-40178 Vulnerability in npm package @node-saml/node-saml

CVE-2015-5346 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core

Severity

Critical

Tags

Vendor Advisory NVD-CWE-Other