CVE Database

CVE-2013-4330

Impact: Important
Public: 2013-09-30
Bugzilla: 1011726: CVE-2013-4330 Camel: remote code execution via header field manipulation

Details

The MITRE CVE dictionary describes this issue as:

Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.

Find out more about CVE-2013-4330 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 6.8
Base Metrics: AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform                              Errata          Release Date
Fuse ESB Enterprise 7.1.0             RHSA-2013:1862  December 19, 2013
Fuse MQ Enterprise 7.1.0              RHSA-2013:1862  December 19, 2013
Fuse Management Console 7.1.0         RHSA-2013:1862  December 19, 2013
RHOSE Client 1.2 (activemq)           RHSA-2014:0254  March 05, 2014
RHOSE Client 2.0 (activemq)           RHSA-2014:0245  March 03, 2014
Red Hat JBoss A-MQ 6.0                RHSA-2013:1410  October 07, 2013
Red Hat JBoss BPMS 6.0                RHSA-2014:0140  February 05, 2014
Red Hat JBoss BRMS 6.0                RHSA-2014:0140  February 05, 2014
Red Hat JBoss Fuse 6.0                RHSA-2013:1410  October 07, 2013
Red Hat JBoss Fuse Service Works 6.0  RHSA-2014:0124  January 30, 2014

External References

http://camel.apache.org/security-advisories.data/CVE-2013-4330.txt.asc

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.