
CVSS: 5.3 | EPSS: 1% | CPEs: 3 | EXPL: 0

01 Jun 2015 — Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query. • http://rhn.redhat.com/errata/RHSA-2015-1041.html • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 7.5 | EPSS: 29% | CPEs: 31 | EXPL: 1

02 Mar 2014 — The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message. Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw... • http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc • CWE-264: Permissions, Privileges, and Access Controls

CVSS: 7.5 | EPSS: 34% | CPEs: 31 | EXPL: 1

02 Mar 2014 — The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. • http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc • CWE-264: Permissions, Privileges, and Access Controls • CWE-611: Improper Restriction of XML External Entity Reference

CVSS: 7.5 | EPSS: 17% | CPEs: 51 | EXPL: 0

30 Sep 2013 — Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer. • http://camel.apache.org/security-advisories.data/CVE-2013-4330.txt.asc?version=1&modificationDate=1380535446943 • CWE-94: Improper Control of Generation of Code ('Code Injection')