CVE-2014-0003

The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.

Published Bysecalert@redhat.com

Published DateMar 21, 2014, 04:38

Affected Versions(2)

org.apache.camel:camel-core(Maven)

Introduced2.11.0

Fixed2.11.4

LimitN/A

org.apache.camel:camel-core(Maven)

Introduced2.12.0

Fixed2.12.3

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
org.apache.camel:camel-core(Maven)	2.11.0	2.11.4	N/A
org.apache.camel:camel-core(Maven)	2.12.0	2.12.3	N/A

Weakness Type (CWE):CWE-264

CVSS Metrics

Base Score

7.5

Vector String

AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL

References

Weakness Type (CWE):CWE-264

CVSS Metrics

Base Score

7.5

Vector String

AV:N/AC:L/Au:N/C:P/I:P/A:P

Base Severity

Version

2.0

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality (C)

PARTIAL

Integrity (I)

PARTIAL

Availability (A)

PARTIAL