camel-commits mailing list archives

From acosent...@apache.org
Subject [camel] 06/14: Security Advisories: Porting to docs
Date Wed, 12 Sep 2018 11:47:38 GMT
This is an automated email from the ASF dual-hosted git repository.

acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git

commit b9205b5212151d575cfe578b690aeab9fec31aeb
Author: Andrea Cosentino <ancosen@gmail.com>
AuthorDate: Wed Sep 12 13:41:39 2018 +0200

    Security Advisories: Porting to docs
---
 .../en/security-advisories/CVE-2015-5348.txt.asc   | 37 ++++++++++++++++++++++
 1 file changed, 37 insertions(+)

diff --git a/docs/user-manual/en/security-advisories/CVE-2015-5348.txt.asc b/docs/user-manual/en/security-advisories/CVE-2015-5348.txt.asc
new file mode 100644
index 0000000..e68d46c
--- /dev/null
+++ b/docs/user-manual/en/security-advisories/CVE-2015-5348.txt.asc
@@ -0,0 +1,37 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA512
+
+CVE-2015-5348: Apache Camel medium disclosure vulnerability
+
+Severity: MEDIUM
+
+Vendor: The Apache Software Foundation
+
+Versions Affected: Camel 2.15.0 to 2.15.4, Camel 2.16.0
+The unsupported Camel 2.6.x, 2.7.x, 2.8.x, 2.9.x, 2.10.x, 2.11.x, 2.12.x, 2.13.x, and 2.14.x
are also affected.
+
+Description: Apache Camel's Jetty/Servlet usage is vulnerable to Java object de-serialisation
vulnerability
+
+If using camel-jetty, or camel-servlet as a consumer in Camel routes, then Camel will automatic
de-serialize HTTP requests that uses the content-header: application/x-java-serialized-object.

+
+Mitigation: 2.15.x users should upgrade to 2.15.5, 2.16.0 users should upgrade to 2.16.1.
+The JIRA ticket: https://issues.apache.org/jira/browse/CAMEL-9309 refers to the various commits
that resovoled the issue.
+
+Credit: This issue was discovered by Sim Yih Tsern.
+-----BEGIN PGP SIGNATURE-----
+Comment: GPGTools - https://gpgtools.org
+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+=Qn8/
+-----END PGP SIGNATURE-----
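Review bot: Because this file is a PGP clearsigned message (`-----BEGIN PGP SIGNED MESSAGE-----` with `Hash: SHA512`), the body between the header and the signature must be ported byte-for-byte, so the wording errors visible in the hunk ("automatic de-serialize", "requests that uses", "resovoled") cannot be corrected here without invalidating the signature; leave them as they are, and before merging run `gpg --verify` on the ported `CVE-2015-5348.txt.asc` to confirm it still validates, since any line-wrapping or trailing-whitespace change introduced while copying (the blank line before `+Mitigation:` is worth checking) would make the signature fail for readers who verify advisories from the docs tree.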