Red Hat Security Advisory 2014-0124-01 - Apache Camel is a versatile open-source integration framework based on known Enterprise Integration Patterns. A flaw was found in Apache Camel's parsing of the FILE_NAME header. A remote attacker able to submit messages to a Camel route, which would write the provided message to a file, could provide expression language expressions in the FILE_NAME header that would be evaluated on the server. This could lead to arbitrary remote code execution in the context of the Camel server process. All users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the Red Hat Customer Portal are advised to apply this update.
6b5de573b4efbf33e08e0dd89c9ba0e4332d534ab60be7b5382c9263c949b033