Vulnerability details: VCID-aard-mgx9-rff2
Vulnerability ID VCID-aard-mgx9-rff2
Aliases CVE-2015-0263, GHSA-3hrc-f439-727g
Summary XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-1041.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-1538.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-1539.html
epss 0.0257 https://api.first.org/data/v1/epss?cve=CVE-2015-0263
generic_textual MODERATE https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-3hrc-f439-727g
generic_textual MODERATE https://github.com/advisories/GHSA-3hrc-f439-727g
generic_textual MODERATE https://github.com/apache/camel
generic_textual MODERATE https://github.com/apache/camel/commit/06db9e0744f2bb9f6e3bf16c0dfe7099a3481558
generic_textual MODERATE https://github.com/apache/camel/commit/367d53e73c8b5a1e73c24423e631709f9a96e08d
generic_textual MODERATE https://github.com/apache/camel/commit/7d19340bcdb42f7aae584d9c5003ac4f7ddaee36
generic_textual MODERATE https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36
generic_textual MODERATE https://issues.apache.org/jira/browse/CAMEL-8312
generic_textual MODERATE https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2015-0263
generic_textual MODERATE http://www.securitytracker.com/id/1032442
Reference id Reference type URL
http://camel.apache.org/security-advisories.html
http://rhn.redhat.com/errata/RHSA-2015-1041.html
http://rhn.redhat.com/errata/RHSA-2015-1538.html
http://rhn.redhat.com/errata/RHSA-2015-1539.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0263.json
https://api.first.org/data/v1/epss?cve=CVE-2015-0263
https://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc
https://github.com/advisories/GHSA-3hrc-f439-727g
https://github.com/apache/camel
https://github.com/apache/camel/commit/06db9e0744f2bb9f6e3bf16c0dfe7099a3481558
https://github.com/apache/camel/commit/367d53e73c8b5a1e73c24423e631709f9a96e08d
https://github.com/apache/camel/commit/7d19340bcdb42f7aae584d9c5003ac4f7ddaee36
https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=7d19340bcdb42f7aae584d9c5003ac4f7ddaee36
https://issues.apache.org/jira/browse/CAMEL-8312
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2015-0263
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0263
http://www.securitytracker.com/id/1032442
1203344 https://bugzilla.redhat.com/show_bug.cgi?id=1203344
CVE-2015-0263.TXT.ASC?VERSION=1&MODIFICATIONDATE=1426539178000&API=V2 http://camel.apache.org/security-advisories.data/CVE-2015-0263.txt.asc?version=1&modificationDate=1426539178000&api=v2
RHSA-2015:1041 https://access.redhat.com/errata/RHSA-2015:1041
RHSA-2015:1538 https://access.redhat.com/errata/RHSA-2015:1538
RHSA-2015:1539 https://access.redhat.com/errata/RHSA-2015:1539
RHSA-2015:2558 https://access.redhat.com/errata/RHSA-2015:2558
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.85468
EPSS Score 0.0257
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:15.873769+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 38.0.0