CVE-2017-5643

Severity

7.4

Description

Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.

Mitigation

We recommend upgrading to a version of this package that is not vulnerable to this specific issue.

Related links:

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5643

http://camel.apache.org/security-advisories.data/CVE-2017-5643.txt.asc?version=1&modificationDate=1489652454000&api=v2

http://www.securityfocus.com/bid/97226/discuss

Project

Apache ActiveMQ

Category

SSRF

Tags

data

Date Disclosed

2017-03-16

Date Discovered

2017-01-29

Apache ActiveMQ 5.14.x

First release:

2016-08-02

0

Support Lifecycle:

Extended Support

Namespace:

javax

5.14.0 5.14.1 5.14.2 5.14.3 5.14.4 5.14.5

Apache ActiveMQ 5.13.x

First release:

2015-11-30

0

Support Lifecycle:

Extended Support

Namespace:

javax

5.13.0 5.13.1 5.13.2 5.13.3 5.13.4 5.13.5

Feel Vulnerable?

Contact us so we can help you.

First name ^*
Last name ^*
Email ^*
Company ^*
Product ^*
Heard about us from: ^*
Tell us more ^*

Send me a confirmation email

^* These fields are required.