VDB

RHSA-2015%3A2558

RHSA-2015%3A2558 PUBLISHED CVSS 5 MEDIUM

It was found that Apache Camel's XML converter performed XML External Entity (XXE) expansion. A remote attacker able to submit an SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.

Risk Scores

CVSS 2.0
5

Affected Products

VendorProductVersions
Red HatRed Hat JBoss Fuse Service Works 6.2

Timeline

  • Dec 7, 2015 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Distribution Patch
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • Apr 30, 2026 Security Advisory
  • May 14, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›