National Vulnerability Database

National Vulnerability Database

National Vulnerability

Vulnerability Change Record for CVE-2016-9571

Change History

CVE Modified by [Source] - 3/28/2017 9:59:01 PM

Action Type Old Value New Value
Changed Display Vulnerability
Changed Description
Apache Camel's camel-jackson and camel-jacksonxml components are vulnerable to Java object de-serialization vulnerability. Camel allows to specify such a type through the 'CamelJacksonUnmarshalType' property. De-serializing untrusted data can lead to security flaws as demonstrated in various similar reports about Java de-serialization issues.
** REJECT **  DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2016-9606.  Reason: This candidate is a duplicate of CVE-2016-9606.  Reason: this ID was intended for one issue, but was associated with two issues.  Notes: All CVE users should reference CVE-2016-9606 instead of this candidate.  All references and descriptions in this candidate have been removed to prevent accidental usage.
Removed Reference [Vendor Advisory]
Removed Reference [No Types Assigned]
Removed CWE
Removed CVSS V2
Removed CVSS V3
Removed CPE Configuration
     *cpe:2.3:a:apache:camel:2.14.4:*:*:*:*:*:*:* (and previous)