Vulnerability DatabaseCVE-2015-5344
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2015-5344
February 03, 2016
The camel-xstream component in Apache Camel before 2.15.5 and 2.16.x before 2.16.1 allow remote attackers to execute arbitrary commands via a crafted serialized Java object in an HTTP request.
Affected Packages
org.apache.camel:camel-xstream (JAVA):
Affected version(s) =2.16.0 <2.16.1
Fix Suggestion:
Update to version 2.16.1
org.apache.camel:camel-xstream (JAVA):
Affected version(s) >=1.3.0 <2.15.5
Fix Suggestion:
Update to version 2.15.5
Related Resources (19)
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
https://github.com/apache/camel/commit/b7afb3769a38b8e526f8046414d4a71430d77df0
https://issues.apache.org/jira/browse/CAMEL-9297
https://github.com/apache/camel/commit/f07a33c467adb3d37aa8192698caadfee43a17dc
https://github.com/apache/camel/commit/4491c080cb6c8659fc05441e49307b7d4349aa56
https://github.com/apache/camel/commit/4cdc6b177ee7391eedc9f0b695c05d56f84b0812
http://camel.apache.org/security-advisories.data/CVE-2015-5344.txt.asc
https://github.com/apache/camel/commit/157c0b4a3c8017de432f1c99f83e374e97dc4d36
https://github.com/apache/camel/commit/8386d8f7260143802553bc6dbae2880d6c0bafda
https://github.com/apache/camel/commit/369d0a6d605055cb843e7962b101e3bbcd113fec
http://www.securityfocus.com/archive/1/537414/100/0/threaded
https://nvd.nist.gov/vuln/detail/CVE-2015-5344
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E
https://github.com/advisories/GHSA-gv5f-cjw9-5vxg
http://rhn.redhat.com/errata/RHSA-2016-2035.html
https://github.com/apache/camel
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
http://www.securityfocus.com/bid/82260
Do you need more information?
Contact Us
CVSS v4
Base Score:
9.3
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
CVSS v2
Base Score:
7.5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
EPSS
Base Score:
4.97