{
  "threat_severity" : "Moderate",
  "public_date" : "2014-02-28T00:00:00Z",
  "bugzilla" : {
    "description" : "Camel: XML eXternal Entity (XXE) flaw in XSLT component",
    "id" : "1049675",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1049675"
  },
  "cvss" : {
    "cvss_base_score" : "5.0",
    "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-611",
  "details" : [ "The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue." ],
  "acknowledgement" : "This issue was discovered by David Jorm (Red Hat Security Response Team).",
  "affected_release" : [ {
    "product_name" : "Fuse ESB Enterprise 7.1.0",
    "release_date" : "2014-04-30T00:00:00Z",
    "advisory" : "RHSA-2014:0452",
    "cpe" : "cpe:/a:redhat:fuse_esb_enterprise:7.1.0"
  }, {
    "product_name" : "Fuse Management Console 7.1.0",
    "release_date" : "2014-04-30T00:00:00Z",
    "advisory" : "RHSA-2014:0452",
    "cpe" : "cpe:/a:redhat:fuse_management_console:7.1.0"
  }, {
    "product_name" : "Fuse MQ Enterprise 7.1.0",
    "release_date" : "2014-04-30T00:00:00Z",
    "advisory" : "RHSA-2014:0452",
    "cpe" : "cpe:/a:redhat:fuse_mq_enterprise:7.1.0"
  }, {
    "product_name" : "Red Hat JBoss A-MQ 6.0",
    "release_date" : "2014-03-24T00:00:00Z",
    "advisory" : "RHSA-2014:0323",
    "cpe" : "cpe:/a:redhat:jboss_amq:6.0.0"
  }, {
    "product_name" : "Red Hat JBoss BPMS 6.0",
    "release_date" : "2014-04-03T00:00:00Z",
    "advisory" : "RHSA-2014:0371",
    "cpe" : "cpe:/a:redhat:jboss_bpms:6.0",
    "package" : "Camel"
  }, {
    "product_name" : "Red Hat JBoss BRMS 6.0",
    "release_date" : "2014-04-03T00:00:00Z",
    "advisory" : "RHSA-2014:0372",
    "cpe" : "cpe:/a:redhat:jboss_brms:6.0",
    "package" : "Camel"
  }, {
    "product_name" : "Red Hat JBoss Fuse 6.0",
    "release_date" : "2014-03-24T00:00:00Z",
    "advisory" : "RHSA-2014:0323",
    "cpe" : "cpe:/a:redhat:jboss_fuse:6.0.0"
  }, {
    "product_name" : "Red Hat JBoss Fuse Service Works 6.0",
    "release_date" : "2014-04-30T00:00:00Z",
    "advisory" : "RHSA-2014:0459",
    "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6.0",
    "package" : "Camel"
  } ],
  "package_state" : [ {
    "product_name" : "OpenShift Enterprise 1",
    "fix_state" : "Will not fix",
    "package_name" : "camel",
    "cpe" : "cpe:/a:redhat:openshift:1"
  }, {
    "product_name" : "Red Hat OpenShift Enterprise 2",
    "fix_state" : "Will not fix",
    "package_name" : "camel",
    "cpe" : "cpe:/a:redhat:openshift:2"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-0002\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-0002\nhttp://camel.apache.org/security-advisories.data/CVE-2014-0002.txt.asc" ],
  "name" : "CVE-2014-0002",
  "csaw" : false
}