Vulnerability DatabaseCVE-2014-0003
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2014-0003
Published:March 20, 2014
Updated:June 27, 2026
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
Affected Packages
org.apache.camel:camel-core (JAVA):
Affected version(s) >=2.11.0 <2.11.4
Fix Suggestion:
Update to version 2.11.4
org.apache.camel:camel-core (JAVA):
Affected version(s) >=2.12.0 <2.12.3
Fix Suggestion:
Update to version 2.12.3
Related Resources (20)
http://www.securityfocus.com/bid/65902
https://github.com/apache/camel/commit/e922f89290f236f3107039de61af0375826bd96d
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
http://secunia.com/advisories/57125
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E
https://web.archive.org/web/20200229061309/http://www.securityfocus.com/bid/65902
https://github.com/apache/camel/commit/c6de749e9b3c7b61861c5480e91550290585224
http://camel.apache.org/security-advisories.data/CVE-2014-0003.txt.asc
https://issues.apache.org/jira/browse/CAMEL-7123
https://github.com/apache/camel
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2014-0003
http://rhn.redhat.com/errata/RHSA-2014-0371.html
http://rhn.redhat.com/errata/RHSA-2014-0245.html
http://rhn.redhat.com/errata/RHSA-2014-0372.html
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
http://rhn.redhat.com/errata/RHSA-2014-0254.html
http://secunia.com/advisories/57719
https://github.com/apache/camel/commit/483b445dc77487e2d0f3d8c8bf1a7bbab04464c
http://secunia.com/advisories/57716
Do you need more information?
Contact Us
CVSS v3
Base Score:
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
7.5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Deserialization of Untrusted Data
CWE-502
EPSS
Base Score:
7.29