Apache Camel is a versatile open-source integration framework based on
known Enterprise Integration Patterns.
A flaw was found in Apache Camel’s parsing of the FILE_NAME header. A
remote attacker able to submit messages to a Camel route, which would write
the provided message to a file, could provide expression language (EL)
expressions in the FILE_NAME header that would be evaluated on the
server. This could lead to arbitrary remote code execution in the context
of the Camel server process. (CVE-2013-4330)
All users of Red Hat JBoss Fuse Service Works 6.0.0 as provided from the
Red Hat Customer Portal are advised to apply this update.