VDB
CVE-2015-0264
CVE-2015-0264
PUBLISHED
Reported by redhat · Published June 3, 2015
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, *, n/a |
| Maven | org.apache.camel:camel-core | 0, 0 |
Timeline
- Jun 3, 2015 CVE Published
- May 24, 2019 CVE Updated
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- RHSA-2015:1539 vendor-advisoryx_refsource_REDHAT
- 1032442 vdb-entryx_refsource_SECTRACK
- x_refsource_CONFIRM
- RHSA-2015:1041 vendor-advisoryx_refsource_REDHAT
- RHSA-2015:1538 vendor-advisoryx_refsource_REDHAT
- x_refsource_CONFIRM
- [camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html mailing-listx_refsource_MLIST
- [camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html mailing-listx_refsource_MLIST
- http://camel.apache.org/security-advisories.html url
- https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc?version=1&modificationDate=1426539191000&api=v2 url
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0264 advisory