National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Vulnerability Change Record for CVE-2016-9571

Change History

CVE Modified by [Source] - 3/28/2017 9:59:01 PM

Action Type Old Value New Value
Changed Display Vulnerability
true
false
Changed Description
Apache Camel's camel-jackson and camel-jacksonxml components are vulnerable to Java object de-serialization vulnerability. Camel allows to specify such a type through the 'CamelJacksonUnmarshalType' property. De-serializing untrusted data can lead to security flaws as demonstrated in various similar reports about Java de-serialization issues.
** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2016-9606.  Reason: This candidate is a duplicate of CVE-2016-9606.  Reason: this ID was intended for one issue, but was associated with two issues.  Notes: All CVE users should reference CVE-2016-9606 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.
Removed Reference
http://camel.apache.org/security-advisories.data/CVE-2016-8749.txt.asc?version=2&modificationDate=1486565034000&api=v2 [Vendor Advisory]
Removed Reference
http://www.securityfocus.com/bid/94940 [No Types Assigned]
Removed CWE
CWE-502
Removed CVSS V2
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Removed CVSS V3
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Removed CPE Configuration
OR
     *cpe:2.3:a:apache:camel:2.14.4:*:*:*:*:*:*:* (and previous)
     *cpe:2.3:a:apache:camel:2.16.0:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:camel:2.16.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:camel:2.16.2:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:camel:2.16.3:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:camel:2.16.4:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:camel:2.17.0:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:camel:2.17.1:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:camel:2.17.2:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:camel:2.17.3:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:camel:2.17.4:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:camel:2.18.0:*:*:*:*:*:*:*
     *cpe:2.3:a:apache:camel:2.18.1:*:*:*:*:*:*:*