Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2014-0002

Опубликовано: 21 мар. 2014
Источник: nvd
CVSS2: 7.5
EPSS Средний

Описание

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*
Версия до 2.11.3 (включая)
cpe:2.3:a:apache:camel:1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:1.5.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.0.0:milestone1:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.0.0:milestone2:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.0.0:milestone3:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.10.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.10.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.10.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.10.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.10.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.10.5:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.10.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.10.7:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.11.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.11.2:*:*:*:*:*:*:*
Конфигурация 2

Одно из

cpe:2.3:a:apache:camel:2.12.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.12.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:camel:2.12.2:*:*:*:*:*:*:*

EPSS

Процентиль: 96%
0.28739
Средний

7.5 High

CVSS2

Дефекты

CWE-264

Связанные уязвимости

redhat логотип

CVE-2014-0002

redhat
почти 12 лет назад

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

github логотип

GHSA-2fw5-rvf2-jq56

github
больше 7 лет назад

Apache Camel's XSLT component allows remote attackers to read arbitrary files

EPSS

Процентиль: 96%
0.28739
Средний

7.5 High

CVSS2

Дефекты

CWE-264