ID CVE-2017-5643
Summary Apache Camel's Validation Component is vulnerable against SSRF via remote DTDs and XXE.
References
Vulnerable Configurations
  • cpe:2.3:a:apache:camel:1.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.3.0:-:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.3.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.3.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.3.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.3.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.3.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.3.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.3.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.3.0:rc5:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.3.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.4.0:-:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.4.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.4.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.4.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.4.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.4.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.4.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.4.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.4.0:rc5:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.4.0:rc5:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.5.0:-:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.5.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.5.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.5.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.5.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.5.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.6.0:-:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.6.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.6.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.6.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:1.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:1.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.0.0:m1:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.0.0:m1:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.0.0:m2:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.0.0:m2:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.0.0:m3:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.0.0:m3:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.0.0:milestone1:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.0.0:milestone1:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.0.0:milestone2:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.0.0:milestone2:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.0.0:milestone3:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.0.0:milestone3:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.2.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.3.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.5.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.7.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.7.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.8.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.8.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.8.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.9.0:-:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.9.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.9.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.9.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.9.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.9.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.9.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.9.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.9.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.9.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.9.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.9.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.9.8:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.9.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.10.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.10.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.10.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.10.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.10.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.10.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.10.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.10.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.10.7:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.10.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.11.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.11.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.11.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.11.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.11.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.11.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.12.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.12.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.12.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.12.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.12.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.12.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.12.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.12.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.12.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.12.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.12.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.13.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.13.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.13.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.13.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.13.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.13.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.13.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.13.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.13.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.14.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.14.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.14.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.14.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.14.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.14.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.14.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.14.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.14.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.15.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.15.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.15.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.15.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.15.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.15.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.15.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.15.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.15.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.15.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.15.6:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.15.6:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.16.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.17.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.17.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.17.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.17.3:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.17.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.17.4:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.17.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.17.5:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.17.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.18.0:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.18.1:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.18.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apache:camel:2.18.2:*:*:*:*:*:*:*
    cpe:2.3:a:apache:camel:2.18.2:*:*:*:*:*:*:*
CVSS
Base: 5.8 (as of 24-05-2019 - 11:29)
Impact:
Exploitability:
CWE CWE-918
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL NONE
cvss-vector via4 AV:N/AC:M/Au:N/C:P/I:P/A:N
redhat via4
advisories
rhsa
id RHSA-2017:1832
refmap via4
bid 97226
confirm http://camel.apache.org/security-advisories.data/CVE-2017-5643.txt.asc?version=1&modificationDate=1489652454000&api=v2
mlist
  • [camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html
  • [camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html
Last major update 24-05-2019 - 11:29
Published 16-03-2017 - 15:59
Last modified 24-05-2019 - 11:29
Back to Top