CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS: 0.011 Low
Percentile: 82.7%

Apache Camel is a versatile open-source integration framework based on
known Enterprise Integration Patterns.

A flaw was found in Apache Camel’s parsing of the FILE_NAME header. A
remote attacker able to submit messages to a Camel route, which would write
the provided message to a file, could provide expression language (EL)
expressions in the FILE_NAME header that would be evaluated on the
server. This could lead to arbitrary remote code execution in the context
of the Camel server process. (CVE-2013-4330)

All users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the
Red Hat Customer Portal are advised to apply this update.
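
As a defense-in-depth check alongside the update, a route that writes messages from untrusted senders can vet the file-name header before the file producer sees it. The following is an added example, not code from the advisory or from Apache Camel; it uses plain Java with no Camel dependency, and the header key `CamelFileName`, the class and method names, and the sample values are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.regex.Pattern;

/** Added example: vet an untrusted file-name header before a file-writing route uses it. */
public class FileNameHeaderGuard {
    // Assumption: "CamelFileName" is the header key behind the FILE_NAME header named in the advisory.
    static final String FILE_NAME = "CamelFileName";

    // Conservative allow-list: a plain base name with no '$', braces or path separators,
    // so the value cannot carry an expression or point outside the target directory.
    private static final Pattern SAFE = Pattern.compile("[A-Za-z0-9][A-Za-z0-9._-]{0,127}");

    /** True only for a String that is a plain file name under the allow-list. */
    static boolean isSafe(Object value) {
        if (!(value instanceof String)) {
            return false;
        }
        String name = (String) value;
        return SAFE.matcher(name).matches() && !name.contains("..");
    }

    /**
     * Returns a copy of the headers. A sender-supplied file name is kept only if it passes
     * isSafe(); otherwise it is replaced with the server-chosen fallback name.
     * An absent header is left absent.
     */
    static Map<String, Object> sanitize(Map<String, Object> headers, String fallback) {
        Map<String, Object> out = new HashMap<>(headers);
        Object supplied = out.get(FILE_NAME);
        if (supplied != null && !isSafe(supplied)) {
            out.put(FILE_NAME, fallback);
        }
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample header values, not taken from the advisory.
        String[] samples = {"report.txt", "${date:now:yyyyMMdd}.txt", "../outside.txt", "a/b.txt"};
        for (String s : samples) {
            Map<String, Object> in = new HashMap<>();
            in.put(FILE_NAME, s);
            Map<String, Object> out = sanitize(in, "msg-" + System.nanoTime() + ".dat");
            System.out.printf("%-26s safe=%-5b written as %s%n", s, isSafe(s), out.get(FILE_NAME));
        }
    }
}
```

Only `report.txt` passes; the other three samples are replaced by the fallback name. In a real route the same check belongs in a processor placed ahead of the file endpoint, and the lookup must match however the route's header map treats key case.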