Vulnerability Description
Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
CVSS Score
7.4
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apache | Camel | <= 2.16.0 |
Related Weaknesses (CWE)
References
- http://camel.apache.org/security-advisories.data/CVE-2017-5643.txt.asc?version=1Vendor Advisory
- http://www.securityfocus.com/bid/97226Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:1832Third Party Advisory
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e6
- http://camel.apache.org/security-advisories.data/CVE-2017-5643.txt.asc?version=1Vendor Advisory
- http://www.securityfocus.com/bid/97226Third Party AdvisoryVDB Entry
- https://access.redhat.com/errata/RHSA-2017:1832Third Party Advisory
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e6
FAQ
What is CVE-2017-5643?
CVE-2017-5643 is a vulnerability with a CVSS score of 7.4 (HIGH). Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
How severe is CVE-2017-5643?
CVE-2017-5643 has been rated HIGH with a CVSS base score of 7.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-5643?
Check the references section above for vendor advisories and patch information. Affected products include: Apache Camel.