XML External Entity (XXE) vulnerability in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and potentially cause other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference in the XSLT component.

XML External Entity (XXE) vulnerability in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and potentially cause other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference in the XSLT component.

CVE-2014-0002 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Learn more about our Cis Benchmark Audit For Apache Http Server.