Vulnerability Description
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request. The data format hands the request body to XStream, which instantiates whatever classes the attacker's XML names, so untrusted input reaches arbitrary classes on the classpath.
CVSS Score
9.8 (CRITICAL)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Camel | <= 2.15.4, and 2.16.0 (fixed in 2.15.5 and 2.16.1) |
Related Weaknesses (CWE)
References
- http://camel.apache.org/security-advisories.data/CVE-2015-5344.txt.asc (Vendor Advisory)
- http://rhn.redhat.com/errata/RHSA-2016-2035.html
- http://www.securityfocus.com/archive/1/537414/100/0/threaded
- http://www.securityfocus.com/bid/82260
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e6
FAQ
What is CVE-2015-5344?
CVE-2015-5344 is a vulnerability with a CVSS score of 9.8 (CRITICAL). The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.
How severe is CVE-2015-5344?
CVE-2015-5344 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-5344?
Yes. The fix shipped in Apache Camel 2.15.5 and 2.16.1: deployments on 2.16.0 should move to 2.16.1, and earlier releases to 2.15.5 or later. The vendor advisory in the references above describes the change, and Red Hat's corresponding erratum is RHSA-2016-2035. Affected products include: Apache Camel.
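The following is an added example, not code from the advisory or from the Camel project, showing what the vulnerable pattern looks like in a route and how the fixed versions let you restrict the types XStream may instantiate. It assumes a Jetty HTTP consumer, a hypothetical model package `com.example.orders`, and a hypothetical `orderService` bean; the `permissions` option on `XStreamDataFormat` is the one the fixed Camel releases expose, and the `NoTypePermission`/`allowTypesByWildcard` calls are XStream's own type-permission API (XStream 1.4.7 or later).

```java
// Added example (not from the Camel advisory or project): a Camel route whose
// XStream data format is restricted to an allowlist of types, beside the
// unrestricted form that CVE-2015-5344 exploits. Package com.example.orders
// and bean orderService are hypothetical names for this example.
import org.apache.camel.builder.RouteBuilder;
import org.apache.camel.dataformat.xstream.XStreamDataFormat;

import com.thoughtworks.xstream.XStream;
import com.thoughtworks.xstream.security.NoTypePermission;

public class HardenedXStreamRoute extends RouteBuilder {

    @Override
    public void configure() {
        // Vulnerable pattern (Camel before 2.15.5 / 2.16.1): the request body
        // goes straight to XStream, which instantiates any class the XML names.
        // An attacker who controls the body can therefore reach gadget classes
        // on the classpath and run code. Kept commented out on purpose.
        // from("jetty:http://0.0.0.0:8080/orders").unmarshal().xstream();

        // Hardened: deny every type first ("-*"), then allow only the model
        // package this endpoint is meant to accept. Entries without a sign are
        // allow entries; a trailing ".*" matches the package and subpackages.
        XStreamDataFormat xs = new XStreamDataFormat();
        xs.setPermissions("-*,com.example.orders.*");

        from("jetty:http://0.0.0.0:8080/orders")
            .unmarshal(xs)
            .to("bean:orderService");
    }

    // The same restriction applied to an XStream instance used outside Camel,
    // for code paths that unmarshal untrusted XML directly.
    public static XStream restrictedXStream() {
        XStream xstream = new XStream();
        xstream.addPermission(NoTypePermission.NONE);                // deny all types
        xstream.allowTypesByWildcard(new String[] { "com.example.orders.*" }); // allowlist
        return xstream;
    }
}
```

The allowlist is the part that matters: upgrading alone closes the advisory's issue only because the fixed versions apply a deny-by-default permission set, so any route that widens that set (for example with a bare "+*") reopens the same class of problem. Keep the allowed packages to the types the endpoint actually expects, and never include `java.lang.*`-style wildcards in the list for endpoints that take input from untrusted callers.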