Detections
Analytics

CVE-2014-0003

high

Description

The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.

References

https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E

https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E

http://www.securityfocus.com/bid/65902

http://secunia.com/advisories/57719

http://secunia.com/advisories/57716

http://secunia.com/advisories/57125

http://rhn.redhat.com/errata/RHSA-2014-0372.html

http://rhn.redhat.com/errata/RHSA-2014-0371.html

http://rhn.redhat.com/errata/RHSA-2014-0254.html

http://rhn.redhat.com/errata/RHSA-2014-0245.html

Details

Source: Mitre, NVD

Published: 2014-03-21

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Severity: High