Apache Camel Vulnerability (CVE-2015-0263)
Apache Camel Vulnerability (CVE-2015-0263)
Release date:
Updated on:
Affected Systems:
Apache Group Camel <2.14.2
Apache Group Camel <2.13.4
Description:
CVE (CAN) ID: CVE-2015-0263
Apache Camel is an open-source integration framework based on a known enterprise-level integration model.
Apache Camel versions earlier than 2.13.4 and earlier than 2.14.2, converter/jaxp/XmlConverter. multiple xml xxe vulnerabilities exist in XML converter settings in java. Remote attackers can exploit this vulnerability to read arbitrary files through external entities in SAXSource.
<* Source: Stephen Siano
*>
Suggestion:
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc
Https://git-wip-us.apache.org/repos/asf? P = camel. git; a = commitdiff; h = 7d19340bcdb42f7aae584d9c5003ac4f7ddaee36
Apache Camel framework integrated with Spring
Apache Camel framework Entry Example
Transaction Control in Apache Camel framework
JMS routing in Apache Camel framework
For details about Apache Camel, click here
Apache Camel: click here
This article permanently updates the link address: