Vulnerability Description
Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.
CVSS Score
9.8
CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Camel | 2.16.0 |
Related Weaknesses (CWE)
References
- http://camel.apache.org/security-advisories.data/CVE-2016-8749.txt.asc?version=2Vendor Advisory
- http://www.openwall.com/lists/oss-security/2017/05/22/2Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/97179Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:1832Third Party Advisory
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e6
- https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=trueExploitTechnical DescriptionThird Party Advisory
- http://camel.apache.org/security-advisories.data/CVE-2016-8749.txt.asc?version=2Vendor Advisory
- http://www.openwall.com/lists/oss-security/2017/05/22/2Mailing ListThird Party Advisory
- http://www.securityfocus.com/bid/97179Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:1832Third Party Advisory
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e6
- https://www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdf?raw=trueExploitTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2016-8749?
CVE-2016-8749 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Apache Camel's Jackson and JacksonXML unmarshalling operation are vulnerable to Remote Code Execution attacks.
How severe is CVE-2016-8749?
CVE-2016-8749 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2016-8749?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Camel.