製品・ソフトウェアに関する情報

JVN脆弱性詳細

Apache Camel における任意の Simple 言語式を実行される脆弱性

Title	Apache Camel における任意の Simple 言語式を実行される脆弱性
Summary	Apache Camel には、任意のSimple 言語式を実行される脆弱性が存在します。
Possible impacts	第三者により、(1) FILE または (2) FTP プロデューサ (producer) に CamelFileName メッセージヘッダ内の "$simple{}" が含まれることで、任意の Simple 言語式を実行される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Sept. 30, 2013, midnight
Registration Date	Oct. 9, 2013, 2:51 p.m.
Last Update	Aug. 10, 2015, 5:31 p.m.

CVSS2.0 : 警告
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P

Affected System

Apache Software Foundation

Apache Camel 2.10.7 未満の 2.10.0

Apache Camel 2.11.2 未満の 2.11.0

Apache Camel 2.12.0

Apache Camel 2.9.7 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2013-4330	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4330
National Vulnerability Database (NVD)
2	CVE-2013-4330	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4330

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-94	https://jvndb.jvn.jp/ja/cwe/CWE-94.html

ベンダー情報

No	Name	URL
Apache Camel
1	Apache Camel critical disclosure vulnerability	http://camel.apache.org/security-advisories.data/CVE-2013-4330.txt.asc?version=1&modificationDate=1380535446943
Red Hat Security Advisory
2	RHSA-2013:1862	http://rhn.redhat.com/errata/RHSA-2013-1862.html
3	RHSA-2014:0245	https://rhn.redhat.com/errata/RHSA-2014-0254.html
4	RHSA-2014:0254	https://rhn.redhat.com/errata/RHSA-2014-0245.html

その他

No	Name	URL
関連文書
1	Secunia Advisory SA54888	http://secunia.com/advisories/54888

Change Log

No	Changed Details	Date of change
0	[2013年10月09日] 掲載 [2014年02月18日] ベンダ情報：レッドハット (RHSA-2013:1862) を追加 [2015年08月10日] ベンダ情報：レッドハット (RHSA-2014:0245) を追加ベンダ情報：レッドハット (RHSA-2014:0254) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2013-4330

Summary	Apache Camel before 2.9.7, 2.10.0 before 2.10.7, 2.11.0 before 2.11.2, and 2.12.0 allows remote attackers to execute arbitrary simple language expressions by including "$simple{}" in a CamelFileName message header to a (1) FILE or (2) FTP producer.
Publication Date	Oct. 5, 2013, 2:55 a.m.
Registration Date	Jan. 26, 2021, 3:43 p.m.
Last Update	Nov. 21, 2024, 10:55 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:camel:1.1.0:::::::*
cpe:2.3:a:apache:camel:2.9.4:::::::*
cpe:2.3:a:apache:camel:2.0.0:::::::*
cpe:2.3:a:apache:camel:1.4.0:::::::*
cpe:2.3:a:apache:camel:2.7.1:::::::*
cpe:2.3:a:apache:camel:2.10.6:::::::*
cpe:2.3:a:apache:camel:2.7.2:::::::*
cpe:2.3:a:apache:camel:2.8.6:::::::*
cpe:2.3:a:apache:camel:1.2.0:::::::*
cpe:2.3:a:apache:camel:2.2.0:::::::*
cpe:2.3:a:apache:camel:1.6.2:::::::*
cpe:2.3:a:apache:camel:2.10.0:::::::*
cpe:2.3:a:apache:camel:2.4.0:::::::*
cpe:2.3:a:apache:camel:2.11.0:::::::*
cpe:2.3:a:apache:camel:2.9.0:::::::*
cpe:2.3:a:apache:camel:2.7.5:::::::*
cpe:2.3:a:apache:camel:2.8.3:::::::*
cpe:2.3:a:apache:camel:1.0.0:::::::*
cpe:2.3:a:apache:camel:2.3.0:::::::*
cpe:2.3:a:apache:camel:2.9.1:::::::*
cpe:2.3:a:apache:camel:2.8.0:::::::*
cpe:2.3:a:apache:camel:2.9.5:::::::*
cpe:2.3:a:apache:camel:2.10.4:::::::*
cpe:2.3:a:apache:camel:1.5.0:::::::*
cpe:2.3:a:apache:camel:2.10.1:::::::*
cpe:2.3:a:apache:camel:2.12.0:::::::*
cpe:2.3:a:apache:camel:1.6.1:::::::*
cpe:2.3:a:apache:camel::::::::		2.9.6
cpe:2.3:a:apache:camel:2.8.4:::::::*
cpe:2.3:a:apache:camel:1.6.4:::::::*
cpe:2.3:a:apache:camel:2.9.2:::::::*
cpe:2.3:a:apache:camel:2.10.3:::::::*
cpe:2.3:a:apache:camel:2.7.0:::::::*
cpe:2.3:a:apache:camel:2.8.1:::::::*
cpe:2.3:a:apache:camel:2.7.4:::::::*
cpe:2.3:a:apache:camel:2.10.5:::::::*
cpe:2.3:a:apache:camel:1.6.0:::::::*
cpe:2.3:a:apache:camel:1.3.0:::::::*
cpe:2.3:a:apache:camel:2.11.1:::::::*
cpe:2.3:a:apache:camel:1.6.3:::::::*
cpe:2.3:a:apache:camel:2.7.3:::::::*
cpe:2.3:a:apache:camel:2.9.3:::::::*
cpe:2.3:a:apache:camel:2.1.0:::::::*
cpe:2.3:a:apache:camel:2.5.0:::::::*
cpe:2.3:a:apache:camel:2.6.0:::::::*
cpe:2.3:a:apache:camel:2.8.5:::::::*
cpe:2.3:a:apache:camel:2.10.2:::::::*
cpe:2.3:a:apache:camel:2.8.2:::::::*
cpe:2.3:a:apache:camel:2.0.0:milestone1::::::
cpe:2.3:a:apache:camel:2.0.0:milestone2::::::
cpe:2.3:a:apache:camel:2.0.0:milestone3::::::

Related information, measures and tools

No	URL	タグ
1	http://camel.apache.org/security-advisories.data/CVE-2013-4330.txt.asc?version=1&modificationDate=1380535446943	Vendor Advisory
2	http://camel.apache.org/security-advisories.data/CVE-2013-4330.txt.asc?version=1&modificationDate=1380535446943	Vendor Advisory
3	http://osvdb.org/97941
4	http://osvdb.org/97941
5	http://packetstormsecurity.com/files/123454/
6	http://packetstormsecurity.com/files/123454/
7	http://rhn.redhat.com/errata/RHSA-2013-1862.html
8	http://rhn.redhat.com/errata/RHSA-2013-1862.html
9	http://rhn.redhat.com/errata/RHSA-2014-0124.html
10	http://rhn.redhat.com/errata/RHSA-2014-0124.html
11	http://rhn.redhat.com/errata/RHSA-2014-0140.html
12	http://rhn.redhat.com/errata/RHSA-2014-0140.html
13	http://rhn.redhat.com/errata/RHSA-2014-0245.html
14	http://rhn.redhat.com/errata/RHSA-2014-0245.html
15	http://rhn.redhat.com/errata/RHSA-2014-0254.html
16	http://rhn.redhat.com/errata/RHSA-2014-0254.html
17	http://seclists.org/fulldisclosure/2013/Sep/178
18	http://seclists.org/fulldisclosure/2013/Sep/178
19	http://secunia.com/advisories/54888	Vendor Advisory
20	http://secunia.com/advisories/54888	Vendor Advisory
21	https://exchange.xforce.ibmcloud.com/vulnerabilities/87542
22	https://exchange.xforce.ibmcloud.com/vulnerabilities/87542
23	https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
24	https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
25	https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E
26	https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-94	コード・インジェクション	https://cwe.mitre.org/data/definitions/94.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:camel:1.1.0:::::::*
cpe:2.3:a:apache:camel:2.9.4:::::::*
cpe:2.3:a:apache:camel:2.0.0:::::::*
cpe:2.3:a:apache:camel:1.4.0:::::::*
cpe:2.3:a:apache:camel:2.7.1:::::::*
cpe:2.3:a:apache:camel:2.10.6:::::::*
cpe:2.3:a:apache:camel:2.7.2:::::::*
cpe:2.3:a:apache:camel:2.8.6:::::::*
cpe:2.3:a:apache:camel:1.2.0:::::::*
cpe:2.3:a:apache:camel:2.2.0:::::::*
cpe:2.3:a:apache:camel:1.6.2:::::::*
cpe:2.3:a:apache:camel:2.10.0:::::::*
cpe:2.3:a:apache:camel:2.4.0:::::::*
cpe:2.3:a:apache:camel:2.11.0:::::::*
cpe:2.3:a:apache:camel:2.9.0:::::::*
cpe:2.3:a:apache:camel:2.7.5:::::::*
cpe:2.3:a:apache:camel:2.8.3:::::::*
cpe:2.3:a:apache:camel:1.0.0:::::::*
cpe:2.3:a:apache:camel:2.3.0:::::::*
cpe:2.3:a:apache:camel:2.9.1:::::::*
cpe:2.3:a:apache:camel:2.8.0:::::::*
cpe:2.3:a:apache:camel:2.9.5:::::::*
cpe:2.3:a:apache:camel:2.10.4:::::::*
cpe:2.3:a:apache:camel:1.5.0:::::::*
cpe:2.3:a:apache:camel:2.10.1:::::::*
cpe:2.3:a:apache:camel:2.12.0:::::::*
cpe:2.3:a:apache:camel:1.6.1:::::::*
cpe:2.3:a:apache:camel::::::::		2.9.6
cpe:2.3:a:apache:camel:2.8.4:::::::*
cpe:2.3:a:apache:camel:1.6.4:::::::*
cpe:2.3:a:apache:camel:2.9.2:::::::*
cpe:2.3:a:apache:camel:2.10.3:::::::*
cpe:2.3:a:apache:camel:2.7.0:::::::*
cpe:2.3:a:apache:camel:2.8.1:::::::*
cpe:2.3:a:apache:camel:2.7.4:::::::*
cpe:2.3:a:apache:camel:2.10.5:::::::*
cpe:2.3:a:apache:camel:1.6.0:::::::*
cpe:2.3:a:apache:camel:1.3.0:::::::*
cpe:2.3:a:apache:camel:2.11.1:::::::*
cpe:2.3:a:apache:camel:1.6.3:::::::*
cpe:2.3:a:apache:camel:2.7.3:::::::*
cpe:2.3:a:apache:camel:2.9.3:::::::*
cpe:2.3:a:apache:camel:2.1.0:::::::*
cpe:2.3:a:apache:camel:2.5.0:::::::*
cpe:2.3:a:apache:camel:2.6.0:::::::*
cpe:2.3:a:apache:camel:2.8.5:::::::*
cpe:2.3:a:apache:camel:2.10.2:::::::*
cpe:2.3:a:apache:camel:2.8.2:::::::*
cpe:2.3:a:apache:camel:2.0.0:milestone1::::::
cpe:2.3:a:apache:camel:2.0.0:milestone2::::::
cpe:2.3:a:apache:camel:2.0.0:milestone3::::::