CVE-2014-0002
🟡 Monitor
A vulnerability in the XSLT component of Apache Camel allows remote attackers to read arbitrary files.
CVSS
7.5
EPSS
28.7%
Exploit
poc
Vendor
apache
Source description (NVD)
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
exploit xxe
No patch
Sources and dates
| Source | Value |
|---|---|
| NVD – CVSS | 7.5 |
| CISA KEV (actively exploited) | No |
| FIRST EPSS (exploit probability) | 28.7% |
| Published (NVD) | 2014-03-21 04:38:59 UTC |
| Last modified (NVD) | 2026-05-06 22:30:45 UTC |
References
- http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc (secalert@redhat.com) [Exploit, Vendor Advisory]
- http://rhn.redhat.com/errata/RHSA-2014-0371.html (secalert@redhat.com)
- http://rhn.redhat.com/errata/RHSA-2014-0372.html (secalert@redhat.com)
- http://secunia.com/advisories/57125 (secalert@redhat.com) [Vendor Advisory]
- http://secunia.com/advisories/57716 (secalert@redhat.com)
- http://secunia.com/advisories/57719 (secalert@redhat.com)
- http://www.securityfocus.com/bid/65901 (secalert@redhat.com)
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E (secalert@redhat.com)
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E (secalert@redhat.com)