This Confluence has been LDAP enabled, if you are an ASF Committer, please use your LDAP Credentials to login. Any problems file an INFRA jira ticket please.

Child pages
  • Security Advisories

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

2015

  • CVE-2015-5344 - Apache Camel's XStream usage is vulnerable to Remote Code Execution attacks.
  • CVE-2015-5348 - Apache Camel's Jetty/Servlet usage is vulnerable to Java object de-serialisation vulnerability.
  • CVE-2015-0264 - The XPath handling in Apache Camel for invalid XML Strings or invalid XML GenericFile objects allows remote attackers to read arbitrary files via an XML External Entity (XXE) declaration. The XML External Entity (XXE) will be resolved before the Exception is thrown.
  • CVE-2015-0263 - The XML converter setup in Apache Camel allows remote attackers to read arbitrary files via an SAXSource containing an XML External Entity (XXE) declaration.

...