VDB

RHSA-2015%3A1041

RHSA-2015%3A1041 PUBLISHED CVSS 5 MEDIUM

It was found that Apache Camel's XML converter performed XML External Entity (XXE) expansion. A remote attacker able to submit an SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

Risk Scores

CVSS 2.0
5

Affected Products

VendorProductVersions
Red HatRed Hat JBoss Fuse 6.1
Red HatRed Hat JBoss A-MQ 6.1

Timeline

  • Jun 1, 2015 CVE Published
  • Mar 18, 2026 CVE Updated
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›