Vulnerability Description
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Camel | <= 2.11.3 |
Related Weaknesses (CWE)
References
- http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.ascExploitVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2014-0245.html
- http://rhn.redhat.com/errata/RHSA-2014-0254.html
- http://rhn.redhat.com/errata/RHSA-2014-0371.html
- http://rhn.redhat.com/errata/RHSA-2014-0372.html
- http://secunia.com/advisories/57125Vendor Advisory
- http://secunia.com/advisories/57716
- http://secunia.com/advisories/57719
- http://www.securityfocus.com/bid/65902
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e6
- http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.ascExploitVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2014-0245.html
- http://rhn.redhat.com/errata/RHSA-2014-0254.html
- http://rhn.redhat.com/errata/RHSA-2014-0371.html
FAQ
What is CVE-2014-0003?
CVE-2014-0003 is a vulnerability with a CVSS score of 7.5 (HIGH). The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
How severe is CVE-2014-0003?
CVE-2014-0003 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0003?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Camel.