Bug 1011726 - (CVE-2013-4330) CVE-2013-4330 Camel: remote code execution via header field manipulation
CVE-2013-4330 Camel: remote code execution via header field manipulation
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
impact=important,public=20130930,repo...
: Reopened, Security
: 1011678 1011695 (view as bug list)
Depends On: 1051969 1051970 1051971 1056925 1056926
Blocks: 996321 1012225 1015403 1059975
  Show dependency treegraph
 
Reported: 2013-09-24 21:30 EDT by Chess Hazlett
Modified: 2014-03-06 01:18 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-03-06 01:18:52 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Chess Hazlett 2013-09-24 21:30:42 EDT
A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language (EL) expressions in the FILE_NAME header, which would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process.

External References:

https://issues.apache.org/jira/browse/CAMEL-6734
https://issues.apache.org/jira/browse/CAMEL-6748
Comment 1 Chess Hazlett 2013-09-24 21:43:56 EDT
*** Bug 995275 has been marked as a duplicate of this bug. ***
Comment 2 Chess Hazlett 2013-09-24 21:45:11 EDT
*** Bug 1011695 has been marked as a duplicate of this bug. ***
Comment 3 Chess Hazlett 2013-09-24 21:45:52 EDT
*** Bug 1011678 has been marked as a duplicate of this bug. ***
Comment 6 Vincent Danen 2013-09-30 15:17:39 EDT
External References:

http://camel.apache.org/security-advisories.data/CVE-2013-4330.txt.asc
Comment 7 errata-xmlrpc 2013-10-07 13:19:17 EDT
This issue has been addressed in following products:

  Red Hat JBoss Fuse 6.0.0
  Red Hat JBoss A-MQ 6.0.0

Via RHSA-2013:1410 https://rhn.redhat.com/errata/RHSA-2013-1410.html
Comment 8 errata-xmlrpc 2013-12-19 17:50:53 EST
This issue has been addressed in following products:

  Fuse ESB Enterprise 7.1.0
  Fuse MQ Enterprise 7.1.0

Via RHSA-2013:1862 https://rhn.redhat.com/errata/RHSA-2013-1862.html
Comment 11 errata-xmlrpc 2014-01-30 15:19:47 EST
This issue has been addressed in following products:

  Red Hat JBoss Fuse Service Works 6.0.0

Via RHSA-2014:0124 https://rhn.redhat.com/errata/RHSA-2014-0124.html
Comment 12 errata-xmlrpc 2014-02-05 12:43:27 EST
This issue has been addressed in following products:

  Red Hat JBoss BRMS 6.0.0
  Red Hat JBoss BPMS 6.0.0

Via RHSA-2014:0140 https://rhn.redhat.com/errata/RHSA-2014-0140.html
Comment 13 errata-xmlrpc 2014-03-03 13:26:39 EST
This issue has been addressed in following products:

  RHEL 6 Version of OpenShift Enterprise 2.0

Via RHSA-2014:0245 https://rhn.redhat.com/errata/RHSA-2014-0245.html
Comment 14 errata-xmlrpc 2014-03-05 14:06:06 EST
This issue has been addressed in following products:

  RHEL 6 Version of OpenShift Enterprise 1.2

Via RHSA-2014:0254 https://rhn.redhat.com/errata/RHSA-2014-0254.html

Note You need to log in before you can comment on or make changes to this bug.