CVE-2015-0263: XEE
First published: Wed Jun 03 2015(Updated: )
XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.apache.camel:camel-core | >=2.14.0<2.14.2 | 2.14.2 |
| maven/org.apache.camel:camel-core | <2.13.4 | 2.13.4 |
| Red Hat Build of Apache Camel | <=2.13.3 | |
| Red Hat Build of Apache Camel | =2.14.0 | |
| Red Hat Build of Apache Camel | =2.14.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://rhn.redhat.com/errata/RHSA-2015-1041.html
- http://rhn.redhat.com/errata/RHSA-2015-1538.html
- http://rhn.redhat.com/errata/RHSA-2015-1539.html
- http://www.securitytracker.com/id/1032442
- https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc
- https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
- https://nvd.nist.gov/vuln/detail/CVE-2015-0263
- https://github.com/advisories/GHSA-3hrc-f439-727g (Advisory)
- https://github.com/apache/camel/commit/06db9e0744f2bb9f6e3bf16c0dfe7099a3481558
- https://github.com/apache/camel/commit/367d53e73c8b5a1e73c24423e631709f9a96e08d
- https://github.com/apache/camel/commit/7d19340bcdb42f7aae584d9c5003ac4f7ddaee36
- https://issues.apache.org/jira/browse/CAMEL-8312
- https://git-wip-us.apache.org/repos/asf?p=camel.git%3Ba=commitdiff%3Bh=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E
Frequently Asked Questions
What is the severity of CVE-2015-0263?
CVE-2015-0263 is classified as a medium severity vulnerability due to its capability to allow remote attackers to read arbitrary files.
How do I fix CVE-2015-0263?
To fix CVE-2015-0263, upgrade Apache Camel to version 2.14.2 or 2.13.4 or later.
What impact does CVE-2015-0263 have on affected systems?
The impact of CVE-2015-0263 allows an attacker to exploit the vulnerability to potentially access sensitive files on the server.
Which versions of Apache Camel are affected by CVE-2015-0263?
CVE-2015-0263 affects Apache Camel versions before 2.13.4 and versions 2.14.0 and 2.14.1.
Is there a patch available for CVE-2015-0263?
Yes, patches are available in the form of updates to Apache Camel versions 2.13.4 and 2.14.2.
- collector/github-advisory-latest
- alias/GHSA-3hrc-f439-727g
- alias/CVE-2015-0263
- collector/github-advisory
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/remedy
- agent/weakness
- agent/references
- agent/description
- agent/event
- agent/first-publish-date
- agent/trending
- agent/source
- agent/tags
- collector/nvd-cve
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- package-manager/maven
- vendor/apache
- canonical/red hat build of apache camel
- version/red hat build of apache camel/2.13.3
- version/red hat build of apache camel/2.14.0
- version/red hat build of apache camel/2.14.1