{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat JBoss BRMS 6.1.2, which fixes two security issues, several bugs,\nand adds various enhancements, is now available from the Red Hat\nCustomer Portal.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss BRMS is a business rules management system for the\nmanagement, storage, creation, modification, and deployment of JBoss Rules.\n\nThis release of Red Hat JBoss BRMS 6.1.2 serves as a replacement for Red\nHat JBoss BRMS 6.1.0, and includes bug fixes and enhancements, which are\ndocumented in the README.txt file included with the patch files.\n\nThe following security issues are also fixed with this release:\n\nIt was found that Apache Camel\u0027s XML converter performed XML External\nEntity (XXE) expansion. A remote attacker able to submit an SAXSource\ncontaining an XXE declaration could use this flaw to read files accessible\nto the user running the application server, and potentially perform other\nmore advanced XXE attacks. (CVE-2015-0263)\n\nIt was found that Apache Camel performed XML External Entity (XXE)\nexpansion when evaluating invalid XML Strings or invalid XML GenericFile\nobjects. A remote attacker able to submit a crafted XML message could use\nthis flaw to read files accessible to the user running the application\nserver, and potentially perform other more advanced XXE attacks.\n(CVE-2015-0264)\n\nAll users of Red Hat JBoss BRMS 6.1.0 as provided from the Red Hat Customer\nPortal are advised to upgrade to Red Hat JBoss BRMS 6.1.2.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2015:1538",
        "url": "https://access.redhat.com/errata/RHSA-2015:1538"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms\u0026downloadType=securityPatches\u0026version=6.1.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=brms\u0026downloadType=securityPatches\u0026version=6.1.0"
      },
      {
        "category": "external",
        "summary": "1203341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203341"
      },
      {
        "category": "external",
        "summary": "1203344",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203344"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1538.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss BRMS 6.1.2 update",
    "tracking": {
      "current_release_date": "2024-11-05T18:58:29+00:00",
      "generator": {
        "date": "2024-11-05T18:58:29+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2015:1538",
      "initial_release_date": "2015-08-03T19:41:41+00:00",
      "revision_history": [
        {
          "date": "2015-08-03T19:41:41+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2019-02-20T12:36:20+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T18:58:29+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss BRMS 6.0",
                "product": {
                  "name": "Red Hat JBoss BRMS 6.0",
                  "product_id": "Red Hat JBoss BRMS 6.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_brms:6.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Decision Manager"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-0263",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2015-03-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1203344"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that Apache Camel\u0027s XML converter performed XML External Entity (XXE) expansion. A remote attacker able to submit an SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Camel: XXE in via SAXSource expansion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss BRMS 6.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-0263"
        },
        {
          "category": "external",
          "summary": "RHBZ#1203344",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203344"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0263",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-0263"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0263",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0263"
        },
        {
          "category": "external",
          "summary": "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc",
          "url": "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc"
        }
      ],
      "release_date": "2015-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-08-03T19:41:41+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing the\nupdate, restart the server by starting the JBoss Application Server\nprocess.",
          "product_ids": [
            "Red Hat JBoss BRMS 6.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1538"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss BRMS 6.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Camel: XXE in via SAXSource expansion"
    },
    {
      "cve": "CVE-2015-0264",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2015-03-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1203341"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that Apache Camel performed XML External Entity (XXE) expansion when evaluating invalid XML Strings or invalid XML GenericFile objects. A remote attacker able to submit a crafted XML message could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Camel: XXE via XPath expression evaluation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss BRMS 6.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-0264"
        },
        {
          "category": "external",
          "summary": "RHBZ#1203341",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203341"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-0264"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0264",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0264"
        },
        {
          "category": "external",
          "summary": "https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc",
          "url": "https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc"
        }
      ],
      "release_date": "2015-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-08-03T19:41:41+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing the\nupdate, restart the server by starting the JBoss Application Server\nprocess.",
          "product_ids": [
            "Red Hat JBoss BRMS 6.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1538"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss BRMS 6.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Camel: XXE via XPath expression evaluation"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat JBoss Fuse Service Works 6.2.1, which fixes three security issues\nand various bugs, is now available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having Important security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Fuse Service Works is the next-generation ESB and business\nprocess automation infrastructure.\n\nThis release of Red Hat JBoss Fuse Service Works 6.2.1 serves as a\nreplacement for Red Hat JBoss Fuse Service Works 6.0.0. It includes various\nbug fixes, which are listed in the README file included with the patch\nfiles.\n\nThe following security issues are fixed with this release:\n\nA flaw was discovered that when an application uses Groovy (has it on the\nclasspath) and uses the standard Java serialization mechanism, an attacker\ncan bake a special serialized object that executes code directly when\ndeserialized. All applications which rely on serialization and do not\nisolate the code which deserializes objects are subject to this\nvulnerability. (CVE-2015-3253)\n\nIt was found that Apache Camel\u0027s XML converter performed XML External\nEntity (XXE) expansion. A remote attacker able to submit an SAXSource\ncontaining an XXE declaration could use this flaw to read files accessible\nto the user running the application server, and potentially perform other\nmore advanced XXE attacks. (CVE-2015-0263)\n\nIt was found that Apache Camel performed XML External Entity (XXE)\nexpansion when evaluating invalid XML Strings or invalid XML GenericFile\nobjects. A remote attacker able to submit a crafted XML message could use\nthis flaw to read files accessible to the user running the application\nserver, and potentially perform other more advanced XXE attacks.\n(CVE-2015-0264)\n\nAll users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the\nRed Hat Customer Portal are advised to apply this security update.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2015:2558",
        "url": "https://access.redhat.com/errata/RHSA-2015:2558"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse.serviceworks\u0026downloadType=distributions\u0026version=6.2.1",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse.serviceworks\u0026downloadType=distributions\u0026version=6.2.1"
      },
      {
        "category": "external",
        "summary": "1203341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203341"
      },
      {
        "category": "external",
        "summary": "1203344",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203344"
      },
      {
        "category": "external",
        "summary": "1243934",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243934"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_2558.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Fuse Service Works 6.2.1 update",
    "tracking": {
      "current_release_date": "2024-11-05T19:09:05+00:00",
      "generator": {
        "date": "2024-11-05T19:09:05+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2015:2558",
      "initial_release_date": "2015-12-07T20:46:48+00:00",
      "revision_history": [
        {
          "date": "2015-12-07T20:46:48+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2019-02-20T12:38:27+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T19:09:05+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Fuse Service Works 6.2",
                "product": {
                  "name": "Red Hat JBoss Fuse Service Works 6.2",
                  "product_id": "Red Hat JBoss Fuse Service Works 6.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_fuse_service_works:6.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Fuse Service Works"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-0263",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2015-03-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1203344"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that Apache Camel\u0027s XML converter performed XML External Entity (XXE) expansion. A remote attacker able to submit an SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Camel: XXE in via SAXSource expansion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Fuse Service Works 6.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-0263"
        },
        {
          "category": "external",
          "summary": "RHBZ#1203344",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203344"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0263",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-0263"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0263",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0263"
        },
        {
          "category": "external",
          "summary": "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc",
          "url": "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc"
        }
      ],
      "release_date": "2015-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-12-07T20:46:48+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the updates). Before applying the updates, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing\nthe update, restart the server by starting the JBoss Application Server\nprocess.",
          "product_ids": [
            "Red Hat JBoss Fuse Service Works 6.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:2558"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Fuse Service Works 6.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Camel: XXE in via SAXSource expansion"
    },
    {
      "cve": "CVE-2015-0264",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2015-03-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1203341"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that Apache Camel performed XML External Entity (XXE) expansion when evaluating invalid XML Strings or invalid XML GenericFile objects. A remote attacker able to submit a crafted XML message could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Camel: XXE via XPath expression evaluation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Fuse Service Works 6.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-0264"
        },
        {
          "category": "external",
          "summary": "RHBZ#1203341",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203341"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-0264"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0264",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0264"
        },
        {
          "category": "external",
          "summary": "https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc",
          "url": "https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc"
        }
      ],
      "release_date": "2015-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-12-07T20:46:48+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the updates). Before applying the updates, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing\nthe update, restart the server by starting the JBoss Application Server\nprocess.",
          "product_ids": [
            "Red Hat JBoss Fuse Service Works 6.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:2558"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss Fuse Service Works 6.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Camel: XXE via XPath expression evaluation"
    },
    {
      "cve": "CVE-2015-3253",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "discovery_date": "2015-07-16T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1243934"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was discovered in the way applications using Groovy used the standard Java serialization mechanism. A remote attacker could use a specially crafted serialized object that would execute code directly when deserialized. All applications which rely on serialization and do not isolate the code which deserializes objects are subject to this vulnerability.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "groovy: remote execution of untrusted code in class MethodClosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss Fuse Service Works 6.2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-3253"
        },
        {
          "category": "external",
          "summary": "RHBZ#1243934",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1243934"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-3253",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-3253"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-3253",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3253"
        },
        {
          "category": "external",
          "summary": "http://seclists.org/oss-sec/2015/q3/121",
          "url": "http://seclists.org/oss-sec/2015/q3/121"
        }
      ],
      "release_date": "2015-07-16T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-12-07T20:46:48+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the updates). Before applying the updates, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing\nthe update, restart the server by starting the JBoss Application Server\nprocess.",
          "product_ids": [
            "Red Hat JBoss Fuse Service Works 6.2"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:2558"
        },
        {
          "category": "workaround",
          "details": "Apply the following patch on the MethodClosure class (src/main/org/codehaus/groovy/runtime/MethodClosure.java):\n\n    public class MethodClosure extends Closure {\n        +    private Object readResolve() {\n        +        throw new UnsupportedOperationException();\n        +    \n        }\n\nAlternatively, you should make sure to use a custom security policy file (using the standard Java security manager) or make sure that you do not rely on serialization to communicate remotely.",
          "product_ids": [
            "Red Hat JBoss Fuse Service Works 6.2"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.6,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "Red Hat JBoss Fuse Service Works 6.2"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "groovy: remote execution of untrusted code in class MethodClosure"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat JBoss Fuse and A-MQ 6.1.0 Patch 4 on Rollup Patch 2 (R2P4), which\nfixes two security issues, several bugs, and adds various enhancements, is\nnow available from the Red Hat Customer Portal.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss Fuse, based on Apache ServiceMix, provides a small-footprint,\nflexible, open source enterprise service bus and integration platform.\nRed Hat JBoss A-MQ, based on Apache ActiveMQ, is a standards compliant\nmessaging system that is tailored for use in mission critical applications.\n\nThis patch is an update to Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ\n6.1.0. It includes several bug fixes, which are documented in the\nreadme.txt file included with the patch files. The following security\nissues are addressed in this release:\n\nIt was found that Apache Camel\u0027s XML converter performed XML External\nEntity (XXE) expansion. A remote attacker able to submit an SAXSource\ncontaining an XXE declaration could use this flaw to read files accessible\nto the user running the application server, and potentially perform other\nmore advanced XXE attacks. (CVE-2015-0263)\n\nIt was found that Apache Camel performed XML External Entity (XXE)\nexpansion when evaluating invalid XML Strings or invalid XML GenericFile\nobjects. A remote attacker able to submit a crafted XML message could use\nthis flaw to read files accessible to the user running the application\nserver, and potentially perform other more advanced XXE attacks.\n(CVE-2015-0264)\n\nRefer to the readme.txt file included with the patch files for\ninstallation instructions.\n\nAll users of Red Hat JBoss Fuse 6.1.0 and Red Hat JBoss A-MQ 6.1.0 as\nprovided from the Red Hat Customer Portal are advised to apply this update.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2015:1041",
        "url": "https://access.redhat.com/errata/RHSA-2015:1041"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.1.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=jboss.fuse\u0026downloadType=securityPatches\u0026version=6.1.0"
      },
      {
        "category": "external",
        "summary": "1203341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203341"
      },
      {
        "category": "external",
        "summary": "1203344",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203344"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1041.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss Fuse/A-MQ 6.1.0 update",
    "tracking": {
      "current_release_date": "2024-11-05T18:54:27+00:00",
      "generator": {
        "date": "2024-11-05T18:54:27+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2015:1041",
      "initial_release_date": "2015-06-01T17:08:08+00:00",
      "revision_history": [
        {
          "date": "2015-06-01T17:08:08+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2019-02-20T12:35:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T18:54:27+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss A-MQ 6.1",
                "product": {
                  "name": "Red Hat JBoss A-MQ 6.1",
                  "product_id": "Red Hat JBoss A-MQ 6.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_amq:6.1.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Fuse 6.1",
                "product": {
                  "name": "Red Hat JBoss Fuse 6.1",
                  "product_id": "Red Hat JBoss Fuse 6.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_fuse:6.1.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Fuse"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-0263",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2015-03-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1203344"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that Apache Camel\u0027s XML converter performed XML External Entity (XXE) expansion. A remote attacker able to submit an SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Camel: XXE in via SAXSource expansion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss A-MQ 6.1",
          "Red Hat JBoss Fuse 6.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-0263"
        },
        {
          "category": "external",
          "summary": "RHBZ#1203344",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203344"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0263",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-0263"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0263",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0263"
        },
        {
          "category": "external",
          "summary": "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc",
          "url": "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc"
        }
      ],
      "release_date": "2015-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-06-01T17:08:08+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).",
          "product_ids": [
            "Red Hat JBoss A-MQ 6.1",
            "Red Hat JBoss Fuse 6.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1041"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss A-MQ 6.1",
            "Red Hat JBoss Fuse 6.1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Camel: XXE in via SAXSource expansion"
    },
    {
      "cve": "CVE-2015-0264",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2015-03-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1203341"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that Apache Camel performed XML External Entity (XXE) expansion when evaluating invalid XML Strings or invalid XML GenericFile objects. A remote attacker able to submit a crafted XML message could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Camel: XXE via XPath expression evaluation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss A-MQ 6.1",
          "Red Hat JBoss Fuse 6.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-0264"
        },
        {
          "category": "external",
          "summary": "RHBZ#1203341",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203341"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-0264"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0264",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0264"
        },
        {
          "category": "external",
          "summary": "https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc",
          "url": "https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc"
        }
      ],
      "release_date": "2015-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-06-01T17:08:08+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update).",
          "product_ids": [
            "Red Hat JBoss A-MQ 6.1",
            "Red Hat JBoss Fuse 6.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1041"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss A-MQ 6.1",
            "Red Hat JBoss Fuse 6.1"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Camel: XXE via XPath expression evaluation"
    }
  ]
}

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat JBoss BPM Suite 6.1.2, which fixes three security issues, several\nbugs, and adds various enhancements, is now available from the Red Hat\nCustomer Portal.\n\nRed Hat Product Security has rated this update as having Moderate security\nimpact. Common Vulnerability Scoring System (CVSS) base scores, which give\ndetailed severity ratings, are available for each vulnerability from the\nCVE links in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Red Hat JBoss BPM Suite is a business rules and processes management system\nfor the management, storage, creation, modification, and deployment of\nJBoss rules and BPMN2-compliant business processes.\n\nThis release of Red Hat JBoss BPM Suite 6.1.2 serves as a replacement for\nRed Hat JBoss BPM Suite 6.1.0, and includes bug fixes and enhancements,\nwhich are documented in the README.txt file included with the patch files.\n\nThe following security issues are also fixed with this release:\n\nIt was found that Apache Camel\u0027s XML converter performed XML External\nEntity (XXE) expansion. A remote attacker able to submit an SAXSource\ncontaining an XXE declaration could use this flaw to read files accessible\nto the user running the application server, and potentially perform other\nmore advanced XXE attacks. (CVE-2015-0263)\n\nIt was found that Apache Camel performed XML External Entity (XXE)\nexpansion when evaluating invalid XML Strings or invalid XML GenericFile\nobjects. A remote attacker able to submit a crafted XML message could use\nthis flaw to read files accessible to the user running the application\nserver, and potentially perform other more advanced XXE attacks.\n(CVE-2015-0264)\n\nA flaw was found in the dashbuilder import facility: the DocumentBuilders\ninstantiated in org.jboss.dashboard.export.ImportManagerImpl did not\ndisable external entities. This could allow an attacker to perform a\nvariety of XML External Entity (XXE) and Server-Side Request Forgery (SSRF)\nattacks. (CVE-2015-1818)\n\nRed Hat would like to thank David Jorm of IIX Product Security for\nreporting the CVE-2015-1818 issue.\n\nAll users of Red Hat JBoss BPM Suite 6.1.0 as provided from the Red Hat\nCustomer Portal are advised to upgrade to Red Hat JBoss BPM Suite 6.1.2.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2015:1539",
        "url": "https://access.redhat.com/errata/RHSA-2015:1539"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=bpm.suite\u0026downloadType=securityPatches\u0026version=6.1.0",
        "url": "https://access.redhat.com/jbossnetwork/restricted/listSoftware.html?product=bpm.suite\u0026downloadType=securityPatches\u0026version=6.1.0"
      },
      {
        "category": "external",
        "summary": "1201714",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201714"
      },
      {
        "category": "external",
        "summary": "1203341",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203341"
      },
      {
        "category": "external",
        "summary": "1203344",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203344"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2015/rhsa-2015_1539.json"
      }
    ],
    "title": "Red Hat Security Advisory: Red Hat JBoss BPM Suite 6.1.2 update",
    "tracking": {
      "current_release_date": "2024-11-05T18:58:33+00:00",
      "generator": {
        "date": "2024-11-05T18:58:33+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.1.1"
        }
      },
      "id": "RHSA-2015:1539",
      "initial_release_date": "2015-08-03T19:41:04+00:00",
      "revision_history": [
        {
          "date": "2015-08-03T19:41:04+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2019-02-20T12:35:41+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-05T18:58:33+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss BPMS 6.0",
                "product": {
                  "name": "Red Hat JBoss BPMS 6.0",
                  "product_id": "Red Hat JBoss BPMS 6.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_bpms:6.0"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Process Automation Manager"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-0263",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2015-03-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1203344"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that Apache Camel\u0027s XML converter performed XML External Entity (XXE) expansion. A remote attacker able to submit an SAXSource containing an XXE declaration could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Camel: XXE in via SAXSource expansion",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss BPMS 6.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-0263"
        },
        {
          "category": "external",
          "summary": "RHBZ#1203344",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203344"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0263",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-0263"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0263",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0263"
        },
        {
          "category": "external",
          "summary": "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc",
          "url": "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc"
        }
      ],
      "release_date": "2015-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-08-03T19:41:04+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing\nthe update, restart the server by starting the JBoss Application Server\nprocess.",
          "product_ids": [
            "Red Hat JBoss BPMS 6.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1539"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss BPMS 6.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Camel: XXE in via SAXSource expansion"
    },
    {
      "cve": "CVE-2015-0264",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2015-03-17T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1203341"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "It was found that Apache Camel performed XML External Entity (XXE) expansion when evaluating invalid XML Strings or invalid XML GenericFile objects. A remote attacker able to submit a crafted XML message could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Camel: XXE via XPath expression evaluation",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss BPMS 6.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-0264"
        },
        {
          "category": "external",
          "summary": "RHBZ#1203341",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1203341"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-0264",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-0264"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-0264",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0264"
        },
        {
          "category": "external",
          "summary": "https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc",
          "url": "https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc"
        }
      ],
      "release_date": "2015-03-17T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-08-03T19:41:04+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing\nthe update, restart the server by starting the JBoss Application Server\nprocess.",
          "product_ids": [
            "Red Hat JBoss BPMS 6.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1539"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss BPMS 6.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "Camel: XXE via XPath expression evaluation"
    },
    {
      "acknowledgments": [
        {
          "names": [
            "David Jorm"
          ],
          "organization": "IIX Product Security"
        }
      ],
      "cve": "CVE-2015-1818",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "discovery_date": "2015-03-13T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1201714"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the dashbuilder import facility: the DocumentBuilders instantiated in org.jboss.dashboard.export.ImportManagerImpl did not disable external entities. This could allow an attacker to perform a variety of XML External Entity (XXE) and Server-Side Request Forgery (SSRF) attacks.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "dashbuilder: XXE/SSRF vulnerability",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat JBoss BPMS 6.0"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2015-1818"
        },
        {
          "category": "external",
          "summary": "RHBZ#1201714",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1201714"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2015-1818",
          "url": "https://www.cve.org/CVERecord?id=CVE-2015-1818"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2015-1818",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1818"
        }
      ],
      "release_date": "2015-03-13T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2015-08-03T19:41:04+00:00",
          "details": "The References section of this erratum contains a download link (you must\nlog in to download the update). Before applying the update, back up your\nexisting installation, including all applications, configuration files,\ndatabases and database settings, and so on.\n\nIt is recommended to halt the server by stopping the JBoss Application\nServer process before installing this update, and then after installing\nthe update, restart the server by starting the JBoss Application Server\nprocess.",
          "product_ids": [
            "Red Hat JBoss BPMS 6.0"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2015:1539"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "Red Hat JBoss BPMS 6.0"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "dashbuilder: XXE/SSRF vulnerability"
    }
  ]
}

{
  "GSD": {
    "alias": "CVE-2015-0263",
    "description": "XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.",
    "id": "GSD-2015-0263",
    "references": [
      "https://access.redhat.com/errata/RHSA-2015:2558",
      "https://access.redhat.com/errata/RHSA-2015:1539",
      "https://access.redhat.com/errata/RHSA-2015:1538",
      "https://access.redhat.com/errata/RHSA-2015:1041"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-0263"
      ],
      "details": "XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.",
      "id": "GSD-2015-0263",
      "modified": "2023-12-13T01:19:58.807653Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2015-0263",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "RHSA-2015:1539",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1539.html"
          },
          {
            "name": "RHSA-2015:1041",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1041.html"
          },
          {
            "name": "https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36",
            "refsource": "CONFIRM",
            "url": "https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36"
          },
          {
            "name": "RHSA-2015:1538",
            "refsource": "REDHAT",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1538.html"
          },
          {
            "name": "1032442",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032442"
          },
          {
            "name": "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc",
            "refsource": "CONFIRM",
            "url": "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc"
          },
          {
            "name": "[camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html",
            "refsource": "MLIST",
            "url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,2.13.3],[2.14-alpha0,2.14.1]",
          "affected_versions": "All versions up to 2.13.3, all versions starting from 2.14-alpha0 up to 2.14.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2019-05-24",
          "description": "XML external entity (XXE) vulnerability in the XML converter setup in `converter/jaxp/XmlConverter.java` in this package allows remote attackers to read arbitrary files via an external entity in an SAXSource.",
          "fixed_versions": [
            "2.13.4",
            "2.14.2"
          ],
          "identifier": "CVE-2015-0263",
          "identifiers": [
            "CVE-2015-0263"
          ],
          "not_impacted": "All versions after 2.13.3 before 2.14-alpha0, all versions after 2.14.1",
          "package_slug": "maven/org.apache.camel/camel-core",
          "pubdate": "2015-06-03",
          "solution": "Upgrade to versions 2.13.4, 2.14.2 or above.",
          "title": "XXE in Apache Camel",
          "urls": [
            "http://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc?version=1\u0026modificationDate=1426539178000\u0026api=v2",
            "http://camel.apache.org/security-advisories.html",
            "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0263"
          ],
          "uuid": "0a117f5b-7287-4bf0-a483-5b062dcbadc6"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:camel:2.14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:camel:2.14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.13.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2015-0263"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc"
            },
            {
              "name": "1032442",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1032442"
            },
            {
              "name": "RHSA-2015:1041",
              "refsource": "REDHAT",
              "tags": [
                "Release Notes"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1041.html"
            },
            {
              "name": "https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36"
            },
            {
              "name": "RHSA-2015:1538",
              "refsource": "REDHAT",
              "tags": [
                "Release Notes"
              ],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1538.html"
            },
            {
              "name": "RHSA-2015:1539",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1539.html"
            },
            {
              "name": "[camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "tags": [],
              "url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2019-05-24T11:29Z",
      "publishedDate": "2015-06-03T20:59Z"
    }
  }
}

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.camel:camel-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.13.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.camel:camel-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.14.0"
            },
            {
              "fixed": "2.14.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2015-0263"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-611"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T20:55:17Z",
    "nvd_published_at": null,
    "severity": "MODERATE"
  },
  "details": "XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.",
  "id": "GHSA-3hrc-f439-727g",
  "modified": "2022-11-17T18:38:58Z",
  "published": "2018-10-16T23:08:43Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0263"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/camel/commit/06db9e0744f2bb9f6e3bf16c0dfe7099a3481558"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/camel/commit/367d53e73c8b5a1e73c24423e631709f9a96e08d"
    },
    {
      "type": "WEB",
      "url": "https://github.com/apache/camel/commit/7d19340bcdb42f7aae584d9c5003ac4f7ddaee36"
    },
    {
      "type": "WEB",
      "url": "https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc"
    },
    {
      "type": "WEB",
      "url": "https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-3hrc-f439-727g"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/camel"
    },
    {
      "type": "WEB",
      "url": "https://issues.apache.org/jira/browse/CAMEL-8312"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1041.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1538.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1539.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032442"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [],
  "summary": "Apache Camel XML External Entity vulnerability"
}