VulnerableCode Package Details - pkg:rpm/redhat/activemq@5.9.0-4.redhat.610328?arch=el6op

Search for packages

Vulnerability	Summary	Fixed by
VCID-423h-njb8-3uam Aliases: CVE-2013-4330 GHSA-x9fv-c87w-55wc	Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.	There are no reported fixed by versions.
VCID-5u1a-v9d1-rfac Aliases: CVE-2013-2035 GHSA-49j7-qghp-5wj8	Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.	There are no reported fixed by versions.
VCID-e7xv-sdvz-g7e4 Aliases: CVE-2013-4152 GHSA-rp4p-g69r-438x	The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.	There are no reported fixed by versions.
VCID-k4un-d8uk-ryhe Aliases: CVE-2014-0003 GHSA-h6rp-8v4j-hwph	The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-423h-njb8-3uam
Aliases:
CVE-2013-4330
GHSA-x9fv-c87w-55wc

Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.

There are no reported fixed by versions.

VCID-5u1a-v9d1-rfac
Aliases:
CVE-2013-2035
GHSA-49j7-qghp-5wj8

Race condition in hawtjni-runtime/src/main/java/org/fusesource/hawtjni/runtime/Library.java in HawtJNI before 1.8, when a custom library path is not specified, allows local users to execute arbitrary Java code by overwriting a temporary JAR file with a predictable name in /tmp.

There are no reported fixed by versions.

VCID-e7xv-sdvz-g7e4
Aliases:
CVE-2013-4152
GHSA-rp4p-g69r-438x

The Spring OXM wrapper in Spring Framework before 3.2.4 and 4.0.0.M1, when using the JAXB marshaller, does not disable entity resolution, which allows context-dependent attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via an XML external entity declaration in conjunction with an entity reference in a (1) DOMSource, (2) StAXSource, (3) SAXSource, or (4) StreamSource, aka an XML External Entity (XXE) issue.

There are no reported fixed by versions.

VCID-k4un-d8uk-ryhe
Aliases:
CVE-2014-0003
GHSA-h6rp-8v4j-hwph

The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:51:19.086863+00:00	RedHat Importer	Affected by	VCID-5u1a-v9d1-rfac	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2035.json	38.0.0
2026-04-01T14:50:16.428972+00:00	RedHat Importer	Affected by	VCID-e7xv-sdvz-g7e4	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4152.json	38.0.0
2026-04-01T14:50:09.886911+00:00	RedHat Importer	Affected by	VCID-423h-njb8-3uam	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4330.json	38.0.0
2026-04-01T14:48:38.372558+00:00	RedHat Importer	Affected by	VCID-k4un-d8uk-ryhe	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0003.json	38.0.0