CVE-2015-0264
Description
Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
Risk Information
Base Score
4.2
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C
EPSS Score
Exploitation Probability
2.016
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2015-0264,CVE-2015-0263 are fixed in Apache-camel-core 2.13.4 | Windows |
| Vulnerabilities CVE-2015-0264,CVE-2015-0263 are fixed in Apache-camel-core 2.14.2 | Windows |
| Vulnerabilities CVE-2015-0264,CVE-2015-0263 are fixed in Apache-camel-core for Linux 2.13.4 | Linux |
| Vulnerabilities CVE-2015-0264,CVE-2015-0263 are fixed in Apache-camel-core for Linux 2.14.2 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234