Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2014-0002
Last Modified 19 Apr 2014 12:45:51
Published 21 Mar 2014 12:38:59
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-0002

Summary

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Vulnerable Systems

Application

  • Apache Camel 1.0.0

  • Apache Camel 1.1.0

  • Apache Camel 1.2.0

  • Apache Camel 1.3.0

  • Apache Camel 1.4.0

  • Apache Camel 1.5.0

  • Apache Camel 1.6.0

  • Apache Camel 1.6.1

  • Apache Camel 1.6.2

  • Apache Camel 1.6.3

  • Apache Camel 1.6.4

  • Apache Camel 2.0.0

  • Apache Camel 2.1.0

  • Apache Camel 2.10.0

  • Apache Camel 2.10.1

  • Apache Camel 2.10.2

  • Apache Camel 2.10.3

  • Apache Camel 2.10.4

  • Apache Camel 2.10.5

  • Apache Camel 2.10.6

  • Apache Camel 2.10.7

  • Apache Camel 2.11.0

  • Apache Camel 2.11.1

  • Apache Camel 2.11.2

  • Apache Camel 2.11.3

  • Apache Camel 2.12.0

  • Apache Camel 2.12.1

  • Apache Camel 2.12.2


References

BID - 65901

SECUNIA - 57125

CONFIRM - http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc

SECUNIA - 57719

SECUNIA - 57716

REDHAT - RHSA-2014:0372

REDHAT - RHSA-2014:0371


Last Updated: 27 May 2016 11:04:44