CVE-2014-0002

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc	Exploit Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0371.html
http://rhn.redhat.com/errata/RHSA-2014-0372.html
http://secunia.com/advisories/57125	Vendor Advisory
http://secunia.com/advisories/57716
http://secunia.com/advisories/57719
http://www.securityfocus.com/bid/65901
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E
http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc	Exploit Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2014-0371.html
http://rhn.redhat.com/errata/RHSA-2014-0372.html
http://secunia.com/advisories/57125	Vendor Advisory
http://secunia.com/advisories/57716
http://secunia.com/advisories/57719
http://www.securityfocus.com/bid/65901
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:camel::::::::
	cpe:2.3:a:apache:camel:1.0.0:::::::*
	cpe:2.3:a:apache:camel:1.1.0:::::::*
	cpe:2.3:a:apache:camel:1.2.0:::::::*
	cpe:2.3:a:apache:camel:1.3.0:::::::*
	cpe:2.3:a:apache:camel:1.4.0:::::::*
	cpe:2.3:a:apache:camel:1.5.0:::::::*
	cpe:2.3:a:apache:camel:1.6.0:::::::*
	cpe:2.3:a:apache:camel:1.6.1:::::::*
	cpe:2.3:a:apache:camel:1.6.2:::::::*
	cpe:2.3:a:apache:camel:1.6.3:::::::*
	cpe:2.3:a:apache:camel:1.6.4:::::::*
	cpe:2.3:a:apache:camel:2.0.0:::::::*
	cpe:2.3:a:apache:camel:2.0.0:milestone1::::::
	cpe:2.3:a:apache:camel:2.0.0:milestone2::::::
	cpe:2.3:a:apache:camel:2.0.0:milestone3::::::
	cpe:2.3:a:apache:camel:2.1.0:::::::*
	cpe:2.3:a:apache:camel:2.10.0:::::::*
	cpe:2.3:a:apache:camel:2.10.1:::::::*
	cpe:2.3:a:apache:camel:2.10.2:::::::*
	cpe:2.3:a:apache:camel:2.10.3:::::::*
	cpe:2.3:a:apache:camel:2.10.4:::::::*
	cpe:2.3:a:apache:camel:2.10.5:::::::*
	cpe:2.3:a:apache:camel:2.10.6:::::::*
	cpe:2.3:a:apache:camel:2.10.7:::::::*
	cpe:2.3:a:apache:camel:2.11.0:::::::*
	cpe:2.3:a:apache:camel:2.11.1:::::::*
	cpe:2.3:a:apache:camel:2.11.2:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:apache:camel:2.12.0:::::::*
	cpe:2.3:a:apache:camel:2.12.1:::::::*
	cpe:2.3:a:apache:camel:2.12.2:::::::*

History

21 Nov 2024, 02:01

Type	Values Removed	Values Added
References	~~() http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc - Exploit, Vendor Advisory~~	() http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc - Exploit, Vendor Advisory
References	~~() http://rhn.redhat.com/errata/RHSA-2014-0371.html -~~	() http://rhn.redhat.com/errata/RHSA-2014-0371.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2014-0372.html -~~	() http://rhn.redhat.com/errata/RHSA-2014-0372.html -
References	~~() http://secunia.com/advisories/57125 - Vendor Advisory~~	() http://secunia.com/advisories/57125 - Vendor Advisory
References	~~() http://secunia.com/advisories/57716 -~~	() http://secunia.com/advisories/57716 -
References	~~() http://secunia.com/advisories/57719 -~~	() http://secunia.com/advisories/57719 -
References	~~() http://www.securityfocus.com/bid/65901 -~~	() http://www.securityfocus.com/bid/65901 -
References	~~() https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E -~~	() https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E -
References	~~() https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E -~~	() https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E -

Information

Published : 2014-03-21 04:38

Updated : 2025-04-12 10:46

NVD link : CVE-2014-0002

Mitre link : CVE-2014-0002

CVE.ORG link : CVE-2014-0002

JSON object : View

Products Affected

apache

camel

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2014-0002", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-03-21T04:38:59.027", "references": [{"url": "http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc", "tags": ["Exploit", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html", "source": "secalert@redhat.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/57125", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/57716", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/57719", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/65901", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E", "source": "secalert@redhat.com"}, {"url": "http://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0371.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-0372.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/57125", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/57716", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/57719", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/65901", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue."}, {"lang": "es", "value": "El componente XSLT en Apache Camel anterior a 2.11.4 y 2.12.x anterior a 2.12.3 permite a atacantes remotos leer archivos arbitrarios y posiblemente tener otro impacto no especificado a trav\u00e9s de un documento XML que contiene una declaraci\u00f3n de entidad externa en conjunci\u00f3n con una referencia de entidad, relacionado con un problema de XML External Entity (XXE)."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23ED67A5-FBB0-4151-A7C4-D7F9A82D9753", "versionEndIncluding": "2.11.3"}, {"criteria": "cpe:2.3:a:apache:camel:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B06E9C0-DB2D-41D6-98C4-93D973929523"}, {"criteria": "cpe:2.3:a:apache:camel:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A1BC313E-5651-4FBB-B9E6-E66DBA0139D5"}, {"criteria": "cpe:2.3:a:apache:camel:1.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83727178-A7C0-4C88-A148-E522B25A8300"}, {"criteria": "cpe:2.3:a:apache:camel:1.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "139F899A-6652-42C2-8729-F28C63B60DBA"}, {"criteria": "cpe:2.3:a:apache:camel:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D65D943-3954-4C65-BCFE-993ABE20136B"}, {"criteria": "cpe:2.3:a:apache:camel:1.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ECABA1F-7D64-4272-AA2E-801C9C5CFE67"}, {"criteria": "cpe:2.3:a:apache:camel:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C03AED3D-FA8B-4730-B9DA-CFFCEF29A891"}, {"criteria": "cpe:2.3:a:apache:camel:1.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C3D7D5F8-89C1-4CFD-8959-E50F0AF50DD0"}, {"criteria": "cpe:2.3:a:apache:camel:1.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1E1D4FA-C1D6-44E9-9326-DDFD16DE9ECF"}, {"criteria": "cpe:2.3:a:apache:camel:1.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8735662-1424-4F93-B3A3-8CB1D42F953F"}, {"criteria": "cpe:2.3:a:apache:camel:1.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "506DFDFF-1712-4B4A-814C-C8CAFB7B2EF9"}, {"criteria": "cpe:2.3:a:apache:camel:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4EA86F9-21F1-4FB1-9412-A0BC76190C24"}, {"criteria": "cpe:2.3:a:apache:camel:2.0.0:milestone1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BEFC3427-C311-4DC3-BFF7-0EE28706F729"}, {"criteria": "cpe:2.3:a:apache:camel:2.0.0:milestone2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0C4B2BB5-1535-45A3-9FB1-0B4E6D93234B"}, {"criteria": "cpe:2.3:a:apache:camel:2.0.0:milestone3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5BD846E7-8B3D-42D9-AA9C-26F2F9ACCE1D"}, {"criteria": "cpe:2.3:a:apache:camel:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "735DED49-ECF3-4DFE-8BF6-D47A9BA76AC8"}, {"criteria": "cpe:2.3:a:apache:camel:2.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8DB96EF4-A413-4632-9D5E-8A22483E4329"}, {"criteria": "cpe:2.3:a:apache:camel:2.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D26D7344-D86B-4BD8-97A5-F33DDCE825D4"}, {"criteria": "cpe:2.3:a:apache:camel:2.10.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8C16CB0-F061-49FA-81FF-4698E0AB6C75"}, {"criteria": "cpe:2.3:a:apache:camel:2.10.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "753E5480-95BE-47D5-A020-0A7B95B41A4C"}, {"criteria": "cpe:2.3:a:apache:camel:2.10.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02D4E217-4934-40FF-B797-2697625C4A69"}, {"criteria": "cpe:2.3:a:apache:camel:2.10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E717996-F17E-4D82-8C18-D8590ECC8AB6"}, {"criteria": "cpe:2.3:a:apache:camel:2.10.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43EC45F1-F990-4D58-90D7-86E7FE57B116"}, {"criteria": "cpe:2.3:a:apache:camel:2.10.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1D65BD5-BCCA-4C69-A9A4-E322AEBEE6F7"}, {"criteria": "cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6392BFDC-B18A-435D-A296-36CCF0AF6CF2"}, {"criteria": "cpe:2.3:a:apache:camel:2.11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "86CF9343-8A2C-40AB-88EC-266CB971A7D2"}, {"criteria": "cpe:2.3:a:apache:camel:2.11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6386086-1DDB-4FE9-A6A3-10B3071B1A48"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:camel:2.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D8DD9514-FCDD-4BFE-A1FD-1A44E07671FA"}, {"criteria": "cpe:2.3:a:apache:camel:2.12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8899BFF7-4077-46D4-BC20-B8FC31D76BA8"}, {"criteria": "cpe:2.3:a:apache:camel:2.12.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9C90E281-33F1-4010-A5A4-CB551C2B59C6"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}

7.5 /10