Vulnerability Details : CVE-2015-0263
XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.
Vulnerability category: XML external entity (XXE) injection
Products affected by CVE-2015-0263
- cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.14.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:camel:2.14.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-0263
- EPSS score: 0.20% (probability of exploitation activity in the next 30 days)
- Percentile: ~57% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2015-0263
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
References for CVE-2015-0263
- http://rhn.redhat.com/errata/RHSA-2015-1539.html
  RHSA-2015:1539 - Security Advisory - Red Hat Customer Portal
- http://www.securitytracker.com/id/1032442
  Red Hat JBoss Fuse and A-MQ XML External Entity Processing Flaw Lets Remote Users Obtain Potentially Sensitive Files - SecurityTracker [Third Party Advisory; VDB Entry]
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
  svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html - Pony Mail
- http://rhn.redhat.com/errata/RHSA-2015-1041.html
  RHSA-2015:1041 - Security Advisory - Red Hat Customer Portal [Release Notes]
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
  svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html - Pony Mail
- https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc
  Page Not Found - Apache Camel [Vendor Advisory]
- http://rhn.redhat.com/errata/RHSA-2015-1538.html
  RHSA-2015:1538 - Security Advisory - Red Hat Customer Portal [Release Notes]
- https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36
  ASF Git Repos - camel.git/commitdiff [Patch]