Apache Camel Vulnerability (CVE-2015-0264)
Apache Camel Vulnerability (CVE-2015-0264)
Release date:
Updated on:
Affected Systems:
Apache Group Camel <2.14.2
Apache Group Camel <2.13.4
Description:
CVE (CAN) ID: CVE-2015-0264
Apache Camel is an open-source integration framework based on a known enterprise-level integration model.
Apache Camel versions earlier than 2.13.4 and earlier than 2.14.2, builder/xml/XPathBuilder. java has multiple xml xxe vulnerabilities. Attackers can exploit this vulnerability to query invalid XML strings or external entities in GenericFile objects through XPath.
<* Source: Stephen Siano
*>
Suggestion:
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc
Https://git-wip-us.apache.org/repos/asf? P = camel. git; a = commitdiff; h = 1df559649a96a1ca0415373387e542f46e4820da
Apache Camel framework integrated with Spring
Apache Camel framework Entry Example
Transaction Control in Apache Camel framework
JMS routing in Apache Camel framework
For details about Apache Camel, click here
Apache Camel: click here
This article permanently updates the link address: