Bug 1011726 (CVE-2013-4330) - CVE-2013-4330 Camel: remote code execution via header field manipulation
Summary: CVE-2013-4330 Camel: remote code execution via header field manipulation
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-4330
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 1011678 1011695 (view as bug list)
Depends On: 1051969 1051970 1051971 1056925 1056926
Blocks: 996321 1012225 1015403 1059975
TreeView+ depends on / blocked
 
Reported: 2013-09-25 01:30 UTC by Chess Hazlett
Modified: 2019-09-29 13:08 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-03-06 06:18:52 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:1410 0 normal SHIPPED_LIVE Important: Red Hat JBoss Fuse/A-MQ 6.0.0 patch 4 2013-10-07 21:14:44 UTC
Red Hat Product Errata RHSA-2013:1862 0 normal SHIPPED_LIVE Important: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update 2013-12-20 03:49:32 UTC
Red Hat Product Errata RHSA-2014:0124 0 normal SHIPPED_LIVE Important: Apache Camel security update 2014-01-31 01:19:10 UTC
Red Hat Product Errata RHSA-2014:0140 0 normal SHIPPED_LIVE Important: Apache Camel security update 2014-02-05 22:42:18 UTC
Red Hat Product Errata RHSA-2014:0245 0 normal SHIPPED_LIVE Important: activemq security update 2014-03-03 23:25:38 UTC
Red Hat Product Errata RHSA-2014:0254 0 normal SHIPPED_LIVE Important: activemq security update 2014-03-06 00:05:16 UTC

Description Chess Hazlett 2013-09-25 01:30:42 UTC 
A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language (EL) expressions in the FILE_NAME header, which would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process.

External References:

https://issues.apache.org/jira/browse/CAMEL-6734
https://issues.apache.org/jira/browse/CAMEL-6748
Comment 1 Chess Hazlett 2013-09-25 01:43:56 UTC 
*** Bug 995275 has been marked as a duplicate of this bug. ***
Comment 2 Chess Hazlett 2013-09-25 01:45:11 UTC 
*** Bug 1011695 has been marked as a duplicate of this bug. ***
Comment 3 Chess Hazlett 2013-09-25 01:45:52 UTC 
*** Bug 1011678 has been marked as a duplicate of this bug. ***
Comment 6 Vincent Danen 2013-09-30 19:17:39 UTC 
External References:

http://camel.apache.org/security-advisories.data/CVE-2013-4330.txt.asc
Comment 7 errata-xmlrpc 2013-10-07 17:19:17 UTC 
This issue has been addressed in following products:

  Red Hat JBoss Fuse 6.0.0
  Red Hat JBoss A-MQ 6.0.0

Via RHSA-2013:1410 https://rhn.redhat.com/errata/RHSA-2013-1410.html
Comment 8 errata-xmlrpc 2013-12-19 22:50:53 UTC 
This issue has been addressed in following products:

  Fuse ESB Enterprise 7.1.0
  Fuse MQ Enterprise 7.1.0

Via RHSA-2013:1862 https://rhn.redhat.com/errata/RHSA-2013-1862.html
Comment 11 errata-xmlrpc 2014-01-30 20:19:47 UTC 
This issue has been addressed in following products:

  Red Hat JBoss Fuse Service Works 6.0.0

Via RHSA-2014:0124 https://rhn.redhat.com/errata/RHSA-2014-0124.html
Comment 12 errata-xmlrpc 2014-02-05 17:43:27 UTC 
This issue has been addressed in following products:

  Red Hat JBoss BRMS 6.0.0
  Red Hat JBoss BPMS 6.0.0

Via RHSA-2014:0140 https://rhn.redhat.com/errata/RHSA-2014-0140.html
Comment 13 errata-xmlrpc 2014-03-03 18:26:39 UTC 
This issue has been addressed in following products:

  RHEL 6 Version of OpenShift Enterprise 2.0

Via RHSA-2014:0245 https://rhn.redhat.com/errata/RHSA-2014-0245.html
Comment 14 errata-xmlrpc 2014-03-05 19:06:06 UTC 
This issue has been addressed in following products:

  RHEL 6 Version of OpenShift Enterprise 1.2

Via RHSA-2014:0254 https://rhn.redhat.com/errata/RHSA-2014-0254.html
Note You need to log in before you can comment on or make changes to this bug.