Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:APACHE:CAMEL-XSLT-JCE |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache Camel XSLT Component Java Code Execution |
Release Date |
2014/03/24 |
Update Number |
2356 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Apache Camel XSLT Component Java Code Execution
This signature detects attempts to exploit a known vulnerability against Apache Camel XSLT Component. A successful attack can lead to arbitrary java code execution.
Extended Description
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
Affected Products
- Apache camel 1.0.0
- Apache camel 1.1.0
- Apache camel 1.2.0
- Apache camel 1.3.0
- Apache camel 1.4.0
- Apache camel 1.5.0
- Apache camel 1.6.0
- Apache camel 1.6.1
- Apache camel 1.6.2
- Apache camel 1.6.3
- Apache camel 1.6.4
- Apache camel 2.0.0
- Apache camel 2.1.0
- Apache camel 2.10.0
- Apache camel 2.10.1
- Apache camel 2.10.2
- Apache camel 2.10.3
- Apache camel 2.10.4
- Apache camel 2.10.5
- Apache camel 2.10.6
- Apache camel 2.10.7
- Apache camel 2.11.0
- Apache camel 2.11.1
- Apache camel 2.11.2
- Apache camel 2.11.3
- Apache camel 2.12.0
- Apache camel 2.12.1
- Apache camel 2.12.2
References
- BugTraq: 65902
- CVE: CVE-2014-0003