CVE-2017-12634
camel-castor: Apache Camel's Castor unmarshalling operation is vulnerable to Remote Code Execution attacks
Severity Score: 9.8 (CVSS v3)
Exploit Likelihood: - (EPSS)
Affected Versions: see CPE table below
Public Exploits: 0 (multiple sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
The camel-castor component in Apache Camel 2.x before 2.19.4 and 2.20.x before 2.20.1 contains a Java object deserialization vulnerability. Deserializing untrusted data can lead to security flaws.
It was found that Apache Camel contains a security vulnerability in the camel-castor component. An attacker can use this flaw to have a malicious object deserialized on the target machine, which could lead to Remote Code Execution (RCE).
Credits: N/A
Timeline
- 2017-08-07 CVE Reserved
- 2017-11-15 CVE Published
- 2023-11-08 EPSS Updated
- 2024-09-16 CVE Updated
- (no date) Exploited in Wild
- (no date) KEV Due Date
- (no date) First Exploit
CWE
- CWE-502: Deserialization of Untrusted Data
References (8)
URL | Date | SRC
---|---|---
http://camel.apache.org/security-advisories.data/CVE-2017-12634.txt.asc | 2023-11-07 | |
https://access.redhat.com/errata/RHSA-2018:0319 | 2023-11-07 | |
https://issues.apache.org/jira/browse/CAMEL-11929 | 2023-11-07 | |
https://access.redhat.com/security/cve/CVE-2017-12634 | 2018-02-14 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1513376 | 2018-02-14 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Apache | Camel | >= 2.0.0 < 2.19.4 | - | Affected
Apache | Camel | 2.20.0 | - | Affected