Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-m8hb-4rwu-jkcy
Vulnerability ID VCID-m8hb-4rwu-jkcy
Aliases CVE-2015-0264
GHSA-mhx2-r3jx-g94c
Summary Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-611 Improper Restriction of XML External Entity Reference
System Score Found at
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-1041.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-1538.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2015-1539.html
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2015-0264
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2015-0264
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2015-0264
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2015-0264
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2015-0264
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2015-0264
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2015-0264
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2015-0264
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2015-0264
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2015-0264
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2015-0264
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2015-0264
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2015-0264
epss 0.02016 https://api.first.org/data/v1/epss?cve=CVE-2015-0264
generic_textual MODERATE https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc
generic_textual MODERATE http://securitytracker.com/id/1032442
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-mhx2-r3jx-g94c
generic_textual MODERATE https://github.com/advisories/GHSA-mhx2-r3jx-g94c
generic_textual MODERATE https://github.com/apache/camel
generic_textual MODERATE https://github.com/apache/camel/commit/7360aada5154434c68774aa30e0f21ddc5f27b9f
generic_textual MODERATE https://github.com/apache/camel/commit/b47b51a195b38e7ab7c099d19910af70a16638f6
generic_textual MODERATE https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=1df559649a96a1ca0368373387e542f46e4820da
generic_textual MODERATE https://issues.apache.org/jira/browse/CAMEL-8312
generic_textual MODERATE https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
generic_textual MODERATE https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2015-0264
Reference id Reference type URL
http://camel.apache.org/security-advisories.html
http://rhn.redhat.com/errata/RHSA-2015-1041.html
http://rhn.redhat.com/errata/RHSA-2015-1538.html
http://rhn.redhat.com/errata/RHSA-2015-1539.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-0264.json
https://api.first.org/data/v1/epss?cve=CVE-2015-0264
https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc
http://securitytracker.com/id/1032442
https://github.com/advisories/GHSA-mhx2-r3jx-g94c
https://github.com/apache/camel
https://github.com/apache/camel/commit/1df559649a96a1ca0368373387e542f46e4820da
https://github.com/apache/camel/commit/7360aada5154434c68774aa30e0f21ddc5f27b9f
https://github.com/apache/camel/commit/b47b51a195b38e7ab7c099d19910af70a16638f6
https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=1df559649a96a1ca0368373387e542f46e4820da
https://issues.apache.org/jira/browse/CAMEL-8312
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2015-0264
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0264
1203341 https://bugzilla.redhat.com/show_bug.cgi?id=1203341
CVE-2015-0264.TXT.ASC?VERSION=1&MODIFICATIONDATE=1426539191000&API=V2 https://camel.apache.org/security-advisories.data/CVE-2015-0264.txt.asc?version=1&modificationDate=1426539191000&api=v2
RHSA-2015:1041 https://access.redhat.com/errata/RHSA-2015:1041
RHSA-2015:1538 https://access.redhat.com/errata/RHSA-2015:1538
RHSA-2015:1539 https://access.redhat.com/errata/RHSA-2015:1539
RHSA-2015:2558 https://access.redhat.com/errata/RHSA-2015:2558
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.83669
EPSS Score 0.02016
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T12:38:16.798334+00:00 ProjectKB MSRImporter Import https://raw.githubusercontent.com/SAP/project-kb/master/MSR2019/dataset/vulas_db_msr2019_release.csv 38.0.0