VDB
RHSA-2015%3A2558
RHSA-2015%3A2558
PUBLISHED
CVSS 5 MEDIUM
It was found that Apache Camel's XML converter performed XML External Entity (XXE) expansion. A remote attacker able to submit an SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.
Risk Scores
CVSS 2.0
5
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | Red Hat JBoss Fuse Service Works 6.2 |
Timeline
- Dec 7, 2015 CVE Published
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Distribution Patch
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- Apr 30, 2026 Security Advisory
- May 14, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2015:2558 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse.serviceworks&downloadType=distributions&version=6.2.1 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1203341 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1203344 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=1243934 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_2558.json advisory
- https://access.redhat.com/security/cve/CVE-2015-0263 advisory
- https://www.cve.org/CVERecord?id=CVE-2015-0263 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2015-0263 advisory
- https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc advisory
- https://access.redhat.com/security/cve/CVE-2015-0264 advisory
- https://www.cve.org/CVERecord?id=CVE-2015-0264 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2015-0264 advisory
- https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc advisory
- https://access.redhat.com/security/cve/CVE-2015-3253 advisory
- https://www.cve.org/CVERecord?id=CVE-2015-3253 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2015-3253 advisory
- http://seclists.org/oss-sec/2015/q3/121 advisory