CVE-2015-0264
Apache Camel < 2.13.4 and 2.14.x < 2.14.2 - XML External Entity Injection via XPath Query
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
References (8)
Mailing List (mailing-list, x_refsource_mlist): https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E
Mailing List (mailing-list, x_refsource_mlist): https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2015-1539.html
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2015-1041.html
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2015-1538.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://securitytracker.com/id/1032442
Various Sources (x_refsource_confirm): https://git-wip-us.apache.org/repos/asf?p=camel.git%3Ba=commitdiff%3Bh=1df559649a96a1ca0368373387e542f46e4820da
Vendor Advisory (x_refsource_confirm): https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc
Scores
EPSS: 0.0202
EPSS Percentile: 84.0%
Details
Status: published
Products (4)
apache/camel: 2.14.0
apache/camel: 2.14.1
apache/camel: < 2.13.3
org.apache.camel/camel-core (Maven): 0 - 2.13.4
Published: Jun 03, 2015
Tracked Since: Feb 18, 2026