CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2015-0263 – Camel: XXE in via SAXSource expansion
https://notcve.org/view.php?id=CVE-2015-0263
01 Jun 2015 — XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource. Vulnerabilidad de entidad externa XML (XXE) en el montaje del convertidor XML en converter/jaxp/XmlConverter.java en Apache Camel anterior a 2.13.4 y 2.14.x anterior a 2.14.2 p3ermite a atacantes remotos leer ficheros arbitrarios a través de una entidad externa en u... • http://rhn.redhat.com/errata/RHSA-2015-1041.html • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 29%CPEs: 31EXPL: 1CVE-2014-0002 – Camel: XML eXternal Entity (XXE) flaw in XSLT component
https://notcve.org/view.php?id=CVE-2014-0002
02 Mar 2014 — The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. El componente XSLT en Apache Camel anterior a 2.11.4 y 2.12.x anterior a 2.12.3 permite a atacantes remotos leer archivos arbitrarios y posiblemente tener otro impacto no especificado a través de u... • http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc • CWE-264: Permissions, Privileges, and Access Controls CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 7.5EPSS: 27%CPEs: 31EXPL: 1CVE-2014-0003 – Camel: remote code execution via XSL
https://notcve.org/view.php?id=CVE-2014-0003
02 Mar 2014 — The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message. El componente XSLT en Apache Camel 2.11.x anterior a 2.11.4, 2.12.x anterior a 2.12.3 y posiblemente versiones anteriores permite a atacantes remotos ejecutar métodos Java arbitrarios a través de un mensaje manipulado. Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw... • http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 1%CPEs: 51EXPL: 0CVE-2013-4330 – Camel: remote code execution via header field manipulation
https://notcve.org/view.php?id=CVE-2013-4330
30 Sep 2013 — Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer. Apache Camel anterior a la versión 2.9.7, 2.10.0 anterior a 2.10.7, 2.11.0 anterior a la versión 2.11.2, y 2.12.0 permite a atacantes remotos ejecutar expresiones de lenguaje arbitrarias incluyendo "$simple{}" en una cabecera del mensaje CamelFileName a un produc... • http://camel.apache.org/security-advisories.data/CVE-2013-4330.txt.asc?version=1&modificationDate=1380535446943 • CWE-94: Improper Control of Generation of Code ('Code Injection') •