exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 7 of 7 RSS Feed

CVE-2013-4330

Status Candidate

Overview

Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.

Related Files

Red Hat Security Advisory 2014-0254-01
Posted Mar 6, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0254-01 - Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header, which would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. A remote attacker able to submit messages to a Camel route could use this flaw to perform arbitrary remote code execution in the context of the Camel server process.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-4152, CVE-2013-4330, CVE-2014-0003
SHA-256 | 582404ee5321477d2cb59fc61c8baa71cc260fc0e66a6ea75d31f89c594e8b4a
Red Hat Security Advisory 2014-0245-01
Posted Mar 3, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0245-01 - Apache ActiveMQ provides a SOA infrastructure to connect processes across heterogeneous systems. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header, which would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. It was found that the Apache Camel XSLT component allowed XSL stylesheets to call external Java methods. A remote attacker able to submit messages to a Camel route could use this flaw to perform arbitrary remote code execution in the context of the Camel server process.

tags | advisory, java, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-2035, CVE-2013-4152, CVE-2013-4330, CVE-2014-0003
SHA-256 | 2e94e8a1c355505c1954424496b8001a3e24d262909aa6bd71a8c6f8c99b3696
Red Hat Security Advisory 2014-0140-01
Posted Feb 5, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0140-01 - Apache Camel is a versatile open-source integration framework based on known Enterprise Integration Patterns. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header that would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. All users of the affected products as provided from the Red Hat Customer Portal are advised to apply this update.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4330
SHA-256 | bc81dc060c390772a5b1a581a7e8a45b6cf676ad3b0ee4a9c285540cd86c822d
Red Hat Security Advisory 2014-0124-01
Posted Jan 31, 2014
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2014-0124-01 - Apache Camel is a versatile open-source integration framework based on known Enterprise Integration Patterns. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header that would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. All users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the Red Hat Customer Portal are advised to apply this update.

tags | advisory, remote, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4330
SHA-256 | 6b5de573b4efbf33e08e0dd89c9ba0e4332d534ab60be7b5382c9263c949b033
Red Hat Security Advisory 2013-1862-01
Posted Dec 22, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1862-01 - Fuse ESB Enterprise is an integration platform based on Apache ServiceMix. Fuse MQ Enterprise, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. This release of Fuse ESB Enterprise/MQ Enterprise 7.1.0 R1 P1 is an update to Fuse ESB Enterprise 7.1.0 and Fuse MQ Enterprise 7.1.0. It includes bug fixes.

tags | advisory
systems | linux, redhat
advisories | CVE-2013-1768, CVE-2013-4221, CVE-2013-4271, CVE-2013-4330, CVE-2013-4372
SHA-256 | cc87f20cac05b2c2a2ca841231613b725778a23e0f081c95d5e236ae38911461
Red Hat Security Advisory 2013-1410-01
Posted Oct 7, 2013
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2013-1410-01 - Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an integration platform. Red Hat JBoss A-MQ 6.0.0, based on Apache ActiveMQ, is a standards compliant messaging system that is tailored for use in mission critical applications. Red Hat JBoss Fuse/A-MQ 6.0.0 patch 4 is an update to Red Hat JBoss Fuse 6.0.0 and Red Hat JBoss A-MQ 6.0.0. This update addresses the following security issues: Restlet applications which use ObjectRepresentation to map HTTP request data directly to an object deserialize arbitrary user-provided XML using XMLDecoder. It was found that XMLDecoder deserialized an attacker-provided definition of a class and executed its methods. A remote attacker could use this flaw to perform arbitrary remote code execution in the context of the server running the Restlet application.

tags | advisory, remote, web, arbitrary, code execution
systems | linux, redhat
advisories | CVE-2013-4221, CVE-2013-4271, CVE-2013-4330
SHA-256 | a24fddd4e2ba4576b30f95a9dbb4f56350f5ec1ec9fc44a697a1fa670279e6f0
Apache Camel 2.x Critical Disclosure
Posted Sep 30, 2013
Authored by Gregory Draperi

Apache Camel versions 2.9.0 to 2.9.7, 2.10.0 to 2.10.6, 2.11.0 to 2.11.1, and 2.12.0 suffers from a remote command execution vulnerability based on how message headers are interpreted.

tags | advisory, remote, info disclosure
advisories | CVE-2013-4330
SHA-256 | 1f20fed4bf0aae4159245be3336a4b327d8066c6bab740968ed8bf4deb7260c6
Page 1 of 1
Back1Next

File Archive:

July 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    52 Files
  • 2
    Jul 2nd
    0 Files
  • 3
    Jul 3rd
    0 Files
  • 4
    Jul 4th
    0 Files
  • 5
    Jul 5th
    0 Files
  • 6
    Jul 6th
    0 Files
  • 7
    Jul 7th
    0 Files
  • 8
    Jul 8th
    0 Files
  • 9
    Jul 9th
    0 Files
  • 10
    Jul 10th
    0 Files
  • 11
    Jul 11th
    0 Files
  • 12
    Jul 12th
    0 Files
  • 13
    Jul 13th
    0 Files
  • 14
    Jul 14th
    0 Files
  • 15
    Jul 15th
    0 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close