Lucene search
Redhat.comRH:CVE-2020-11971HistoryJun 18, 2020 - 11:25 a.m.
CVE-2020-11971
2020-06-1811:25:05
redhat.com
access.redhat.com
19
EPSS
0.001
Percentile
49.8%
Apache Camel’s JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
Mitigation
The JMX instrumentation agent is the vulnerable component in this, if not being used it can be disabled in the following ways
-
As a Java system property -
-Dorg.apache.camel.jmx.disabled=trueas java system property -
Using the CamelContext method -
java
CamelContext camel = new DefaultCamelContext();
camel.disableJMX(); -
If using spring altering the spring configuration -
xml
<camelContext id=“camel” xmlns=“http://camel.apache.org/schema/spring”>
<jmxAgent id=“agent” disabled=“true”/>
…
</camelContext>
Related
github
github
Improper Input Validation in Apache Camel
2021-05-21 19:20:30
osv
osv
Improper Input Validation in Apache Camel
2021-05-21 19:20:30
CVE-2020-11971
2020-05-14 17:15:12
prion
prion
Design/Logic Flaw
2020-05-14 17:15:00
ibm
ibm
nvd
nvd
CVE-2020-11971
2020-05-14 17:15:12
cve
cve
CVE-2020-11971
2020-05-14 17:15:12
veracode
veracode
JMX Rebind Flaw
2020-05-15 07:15:35
cvelist
cvelist
CVE-2020-11971
2020-05-14 16:18:41
redhat
redhat
(RHSA-2020:5568) Important: Red Hat Fuse 7.8.0 release and security update
2020-12-16 12:07:05
oracle
oracle
Oracle Critical Patch Update Advisory - January 2021
2021-01-19 00:00:00
Oracle Critical Patch Update Advisory - October 2020
2020-10-20 00:00:00
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00