Description
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat JBoss Enterprise Web Server 1 | amq-6.0 | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | fuse-6.0 | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | fuse-esb-7.1 | Affected | | |
| Red Hat JBoss Enterprise Web Server 1 | fuse-mq-7.1 | Affected | | |
| Fuse ESB Enterprise 7.1.0 | | Fixed | RHSA-2013:1862 | 19.12.2013 |
| Fuse Management Console 7.1.0 | | Fixed | RHSA-2013:1862 | 19.12.2013 |
| Fuse MQ Enterprise 7.1.0 | | Fixed | RHSA-2013:1862 | 19.12.2013 |
| Red Hat JBoss A-MQ 6.0 | | Fixed | RHSA-2013:1410 | 07.10.2013 |
| Red Hat JBoss BPMS 6.0 | Camel | Fixed | RHSA-2014:0140 | 05.02.2014 |
| Red Hat JBoss BRMS 6.0 | Camel | Fixed | RHSA-2014:0140 | 05.02.2014 |
Additional information
Status: Important
https://bugzilla.redhat.com/show_bug.cgi?id=1011726 Camel: remote code execution via header field manipulation
6.8 Medium
CVSS2
Related vulnerabilities
nvd
more than 12 years ago
Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.
6.8 Medium
CVSS2