Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2013:1410
HistoryOct 07, 2013 - 12:00 a.m.

(RHSA-2013:1410) Important: Red Hat JBoss Fuse/A-MQ 6.0.0 patch 4

2013-10-0700:00:00
access.redhat.com
14

0.017 Low

EPSS

Percentile

87.8%

JSON

Red Hat JBoss Fuse 6.0.0, based on Apache ServiceMix, provides an
integration platform. Red Hat JBoss A-MQ 6.0.0, based on Apache ActiveMQ,
is a standards compliant messaging system that is tailored for use in
mission critical applications.

Red Hat JBoss Fuse/A-MQ 6.0.0 patch 4 is an update to Red Hat JBoss Fuse
6.0.0 and Red Hat JBoss A-MQ 6.0.0. This update addresses the following
security issues:

Restlet applications which use ObjectRepresentation to map HTTP request
data directly to an object deserialize arbitrary user-provided XML using
XMLDecoder. It was found that XMLDecoder deserialized an attacker-provided
definition of a class and executed its methods. A remote attacker could use
this flaw to perform arbitrary remote code execution in the context of the
server running the Restlet application. (CVE-2013-4221)

A flaw was found in the way Restlet handled deserialization. Restlet
applications which use ObjectRepresentation to map HTTP request data
directly to an object deserialize arbitrary user-provided serialized
data. A remote attacker could use this flaw to trigger the execution of the
deserialization methods in any serializable class deployed on the server.
This could lead to a variety of security impacts depending on the
deserialization logic of these classes. (CVE-2013-4271)

A flaw was found in Apache Camel’s parsing of the FILE_NAME header. A
remote attacker able to submit messages to a Camel route, which would write
the provided message to a file, could provide expression language (EL)
expressions in the FILE_NAME header, which would be evaluated on the
server. This could lead to arbitrary remote code execution in the context
of the Camel server process. (CVE-2013-4330)

The CVE-2013-4271 issue was discovered by David Jorm of the Red Hat
Security Response Team.

This update also corrected a problem with installing JBoss Fuse 6.0.0 patch
3. When the pax-url-maven-commons bundle was installed in the container,
the installation would fail with a null pointer error. With this update,
the installation does not fail.

All users of Red Hat JBoss Fuse 6.0.0 and Red Hat JBoss A-MQ 6.0.0 as
provided from the Red Hat Customer Portal are advised to apply this patch.

Related

nvd 3
cve 3
veracode 2
osv 3
prion 3
github 3
cvelist 3
ubuntucve 2
redhat 4
nessus 2
ibm 2
avleonov 1
nvd
nvd
CVE-2013-4271
2013-10-10 00:55:14
CVE-2013-4330
2013-10-04 17:55:09
CVE-2013-4221
2013-10-10 00:55:14
cve
cve
CVE-2013-4271
2013-10-10 00:55:14
CVE-2013-4330
2013-10-04 17:55:09
CVE-2013-4221
2013-10-10 00:55:14
veracode
veracode
Arbitrary Code Execution
2019-07-12 06:19:18
Arbitrary Code Execution
2019-07-12 06:19:18
osv
osv
Restlet Arbitrary Java Code Execution via a serialized object
2022-05-17 03:28:57
Improper Control of Generation of Code in Apache Camel
2022-05-13 01:26:34
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML
2022-05-17 03:28:12
prion
prion
Default configuration
2013-10-10 00:55:00
Code injection
2013-10-04 17:55:00
Default configuration
2013-10-10 00:55:00
github
github
Restlet Arbitrary Java Code Execution via a serialized object
2022-05-17 03:28:57
Improper Control of Generation of Code in Apache Camel
2022-05-13 01:26:34
Restlet is vulnerable to Arbitrary Java Code Execution via crafted XML
2022-05-17 03:28:12
cvelist
cvelist
CVE-2013-4271
2013-10-10 00:00:00
CVE-2013-4330
2013-10-04 17:00:00
CVE-2013-4221
2013-10-10 00:00:00
ubuntucve
ubuntucve
CVE-2013-4271
2013-10-10 00:00:00
CVE-2013-4221
2013-10-10 00:00:00
redhat
redhat
(RHSA-2013:1862) Important: Fuse ESB Enterprise/Fuse MQ Enterprise 7.1.0 update
2013-12-19 00:00:00
(RHSA-2014:0124) Important: Apache Camel security update
2014-01-30 20:12:53
(RHSA-2014:0245) Important: activemq security update
2014-03-03 00:00:00
nessus
nessus
RHEL 6 : activemq (RHSA-2014:0254)
2018-12-04 00:00:00
RHEL 6 : activemq (RHSA-2014:0245)
2018-12-04 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in Apache Camel core affect IBM Application Performance Management products
2023-09-25 09:06:33
Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Apache Camel
2023-03-07 05:15:04
avleonov
avleonov
CWEs in NVD CVE feed: analysis and complaints
2017-10-21 14:10:30

0.017 Low

EPSS

Percentile

87.8%

JSON
Related for RHSA-2013:1410
nvd3cve3veracode2osv3prion3github3cvelist3ubuntucve2redhat4nessus2ibm2avleonov1