CVE-2013-4330.md

File metadata and controls

23 lines (19 loc) · 1.64 KB
---
title: Apache Camel Security Advisory - CVE-2013-4330
url: /security/CVE-2013-4330.html
date: 2013-10-04 06:55:09 -0700
draft: false
type: security-advisory
cve: CVE-2013-4330
severity: CRITICAL
summary: Writing files using the FILE or FTP components can potentially be exploited by a malicious user.
description: When sending an Exchange whose in message header 'CamelFileName' has a value of the form '$simple{...}' to a FILE or FTP producer, the producer interprets that value as a Simple language expression, which can be exploited by a malicious user.
mitigation: 2.9.x users should upgrade to 2.9.8, 2.10.x users should upgrade to 2.10.7, 2.11.x users should upgrade to 2.11.2 and 2.12.0 users should upgrade to 2.12.1. This patch will be included from Camel 2.13.0: https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=27a9752a565fbef436bac4fcf22d339e3295b2a0
credit: This issue was discovered by Grégory Draperi
affected: 2.9.0 up to 2.9.7, 2.10.0 up to 2.10.6, 2.11.0 up to 2.11.1, 2.12.0
fixed: 2.9.8, 2.10.7, 2.11.2, 2.12.1 and newer
---

Example: Create a simple route which moves files from one directory to another, e.g.:

```java
from("file:c:/tmp/in")
  .to("file:/c:/tmp/out");
```

If you are using Windows, create a file with a name like "$simple{<some malicious code>}" (without the quotes) and drop it into the "c:/tmp/in" directory. The file consumer will read and process this file. It will also set the Exchange in message header 'CamelFileName' to the value "$simple{<some malicious code>}". In the next step, the file producer will interpret the value of this header as a Simple language expression and execute the malicious code.
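Upgrading to a fixed release is the mitigation; the route below is an added example (not code from the advisory or from the Camel project) of a defensive guard that a deployment can keep in front of a FILE or FTP producer regardless: it inspects the 'CamelFileName' header set by the consumer, and any name carrying Simple expression delimiters (`$simple{` or `${`) is renamed to a neutral name and diverted to a quarantine directory instead of reaching the producer with the attacker-chosen value. The directory URIs and the quarantine naming scheme are assumptions for illustration; the `choice()`/`when()`/`otherwise()` DSL, `Exchange.FILE_NAME` and the lambda `Predicate`/`Processor` are standard Camel Java DSL.

```java
import org.apache.camel.Exchange;
import org.apache.camel.LoggingLevel;
import org.apache.camel.builder.RouteBuilder;

/**
 * Guarded file-move route. The consumer sets the CamelFileName header from
 * the untrusted file name in the inbound directory; we refuse to hand any
 * expression-looking name to the file producer.
 */
public class GuardedFileMoveRoute extends RouteBuilder {

    // Hypothetical directories; adjust to your environment.
    static final String IN         = "file:c:/tmp/in";
    static final String OUT        = "file:c:/tmp/out";
    static final String QUARANTINE = "file:c:/tmp/quarantine";

    /** True when the name contains Simple language expression delimiters. */
    static boolean looksLikeExpression(String fileName) {
        return fileName != null
            && (fileName.contains("$simple{") || fileName.contains("${"));
    }

    @Override
    public void configure() {
        from(IN)
            .choice()
                // Predicate lambda: inspect the header the file consumer populated.
                .when(exchange -> looksLikeExpression(
                        exchange.getIn().getHeader(Exchange.FILE_NAME, String.class)))
                    // Log by exchange id only; never echo the raw name into a message
                    // that could itself be evaluated downstream.
                    .log(LoggingLevel.WARN,
                         "Rejected file name containing expression syntax on exchange ${exchangeId}")
                    // Replace the attacker-controlled name with a neutral one before
                    // any producer sees the header, then divert to quarantine.
                    .process(exchange -> exchange.getIn().setHeader(
                            Exchange.FILE_NAME, exchange.getExchangeId() + ".quarantined"))
                    .to(QUARANTINE)
                .otherwise()
                    .to(OUT)
            .end();
    }
}
```

Register the `RouteBuilder` with your `CamelContext` as you would any other route. The check is deliberately on the header rather than on the file system path, because it is the header value, not the file itself, that the vulnerable producer evaluated; a stricter allowlist (for example `[A-Za-z0-9._-]+`) is a reasonable tightening where file names are under your control.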