exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2013-4330

Status Candidate

Overview

Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.

Related Files

Red Hat Security Advisory 2014-0254-01
Posted Mar 6, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0254-01 - Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header, which would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. A remote attacker able to submit messages to a Camel route could use this flaw to perform arbitrary remote code execution in the context of the Camel server process.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-4152, CVE-2013-4330, CVE-2014-0003
SHA-256 | 582404ee5321477d2cb59fc61c8baa71cc260fc0e66a6ea75d31f89c594e8b4a
Red Hat Security Advisory 2014-0245-01
Posted Mar 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0245-01 - Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header, which would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. A remote attacker able to submit messages to a Camel route could use this flaw to perform arbitrary remote code execution in the context of the Camel server process.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-4152, CVE-2013-4330, CVE-2014-0003
SHA-256 | 2e94e8a1c355505c1954424496b8001a3e24d262909aa6bd71a8c6f8c99b3696
Red Hat Security Advisory 2014-0140-01
Posted Feb 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0140-01 - Apache Camel is a versatile open-source integration framework based on known Enterprise Integration Patterns. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header that would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. All users of the affected products as provided from the Red Hat Customer Portal are advised to apply this update.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4330
SHA-256 | bc81dc060c390772a5b1a581a7e8a45b6cf676ad3b0ee4a9c285540cd86c822d
Red Hat Security Advisory 2014-0124-01
Posted Jan 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0124-01 - Apache Camel is a versatile open-source integration framework based on known Enterprise Integration Patterns. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header that would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. All users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the Red Hat Customer Portal are advised to apply this update.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4330
SHA-256 | 6b5de573b4efbf33e08e0dd89c9ba0e4332d534ab60be7b5382c9263c949b033
Red Hat Security Advisory 2013-1862-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1862-01 - Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P1 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-1768, CVE-2013-4221, CVE-2013-4271, CVE-2013-4330, CVE-2013-4372
SHA-256 | cc87f20cac05b2c2a2ca841231613b725778a23e0f081c95d5e236ae38911461
Red Hat Security Advisory 2013-1410-01
Posted Oct 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1410-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss A-MQ 6.0.0, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss Fuse/A-MQ 6.0.0 patch 4 is an update to Red Hat JBoss Fuse 6.0.0 and Red Hat JBoss A-MQ 6.0.0. This update addresses the following security issues: Restlet applications which use ObjectRepresentation to map HTTP request data directly to an object deserialize arbitrary user-provided XML using XMLDecoder. It was found that XMLDecoder deserialized an attacker-provided definition of a class and executed its methods. A remote attacker could use this flaw to perform arbitrary remote code execution in the context of the server running the Restlet application.

tags | advisory, remote, web, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4221, CVE-2013-4271, CVE-2013-4330
SHA-256 | a24fddd4e2ba4576b30f95a9dbb4f56350f5ec1ec9fc44a697a1fa670279e6f0
Apache Camel 2.x Critical Disclosure
Posted Sep 30, 2013
Authored by Gregory Draperi

Apache Camel versions 2.9.0 to 2.9.7, 2.10.0 to 2.10.6, 2.11.0 to 2.11.1, and 2.12.0 suffers from a remote command execution vulnerability based on how message headers are interpreted.

tags | advisory, remote, info disclosure
advisories | CVE-2013-4330
SHA-256 | 1f20fed4bf0aae4159245be3336a4b327d8066c6bab740968ed8bf4deb7260c6
Page 1 of 1
Back1Next

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close