Описание
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Web Server 1 | amq-6.0 | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | fuse-6.0 | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | fuse-esb-7.1 | Affected | ||
| Red Hat JBoss Enterprise Web Server 1 | fuse-mq-7.1 | Affected | ||
| Fuse ESB Enterprise 7.1.0 | Fixed | RHSA-2014:0452 | 30.04.2014 | |
| Fuse Management Console 7.1.0 | Fixed | RHSA-2014:0452 | 30.04.2014 | |
| Fuse MQ Enterprise 7.1.0 | Fixed | RHSA-2014:0452 | 30.04.2014 | |
| Red Hat JBoss A-MQ 6.0 | Fixed | RHSA-2014:0323 | 24.03.2014 | |
| Red Hat JBoss BPMS 6.0 | Camel | Fixed | RHSA-2014:0371 | 03.04.2014 |
| Red Hat JBoss BRMS 6.0 | Camel | Fixed | RHSA-2014:0372 | 03.04.2014 |
Показывать по
10
Дополнительная информация
Статус:
Important
https://bugzilla.redhat.com/show_bug.cgi?id=1049692Camel: remote code execution via XSL
EPSS
Процентиль: 96%
0.28969
Средний
6 Medium
CVSS2
Связанные уязвимости
ubuntu
почти 12 лет назад
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
nvd
почти 12 лет назад
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
github
больше 7 лет назад
Apache Camel's XSLT component allows remote attackers to execute arbitrary Java methods
EPSS
Процентиль: 96%
0.28969
Средний
6 Medium
CVSS2