-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

CVE-2014-0002: Apache Camel critical disclosure vulnerability

Severity: Critical

Vendor: The Apache Software Foundation

Versions Affected: Camel 2.11.0 to 2.11.3, Camel 2.12.0 to 2.12.2

The unsupported Camel 2.3.x, 2.4.x, 2.5.x, 2.6.x, 2.7.x, 2.8.x, 2.9.x and 2.10.x versions may also be affected.

Description: The Apache Camel XSLT component resolves external XML entities (XXE) in messages when transforming them in an xslt route. A remote attacker able to submit messages to an xslt route can use this flaw to read files accessible to the running application server and potentially carry out other, more advanced XXE attacks (for example, server-side requests to URLs reachable from the server).

Mitigation: 2.11.x users should upgrade to 2.11.4, 2.12.x users should upgrade to 2.12.3. The fix is also included in Camel 2.13.0 onwards: https://git-wip-us.apache.org/repos/asf?p=camel.git;a=commitdiff;h=341d4e6cca71c53c90962d1c3d45fc9e05cc50c6

Example: Create a simple route which receives an HTTP request, applies a (safe) stylesheet and stores the result in a file:

  <route>
    <from uri="servlet:///hello"/>
    <to uri="xslt:file:/tmp/transform.xsl"/>
    <to uri="file:/tmp/output"/>
  </route>

If an attacker is able to submit a message to this route, they can send an XML document that declares external entities (a DOCTYPE with a SYSTEM entity pointing at a local file or a URL). Those entities are resolved by the xslt endpoint and their contents are included in the output of the transformation, so the stylesheet being "safe" does not help: the data is pulled in before the stylesheet ever runs.
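The following is an added illustration, not code from the advisory or from the Camel project, showing the shape of the attack above and one way an application can protect a transformation that must accept untrusted XML. It uses plain JAXP rather than Camel's own API, so it does not show what the Camel fix itself changed; the payload, stylesheet and method names are constructed for this example. The vulnerable shape feeds the raw message to the transformer as a StreamSource, leaving entity resolution to the parser's defaults; the hardened shape parses the message with a SAXParser configured to reject any DOCTYPE and to disable external entities, and hands the transformer a SAXSource built on that reader.

```java
import java.io.StringReader;
import java.io.StringWriter;

import javax.xml.parsers.SAXParserFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.sax.SAXSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;

import org.xml.sax.InputSource;
import org.xml.sax.XMLReader;

public class HardenedXslt {

    // Constructed sample of what an attacker would POST to the /hello route:
    // a DOCTYPE declaring an external entity that points at a local file.
    static final String XXE_PAYLOAD =
        "<?xml version=\"1.0\"?>\n"
      + "<!DOCTYPE hello [ <!ENTITY xxe SYSTEM \"file:///etc/passwd\"> ]>\n"
      + "<hello>&xxe;</hello>";

    // A deliberately harmless stylesheet (identity copy). It plays the role of
    // the "safe" /tmp/transform.xsl from the advisory.
    static final String IDENTITY_XSL =
        "<xsl:stylesheet version=\"1.0\""
      + " xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\">\n"
      + "  <xsl:template match=\"@*|node()\">\n"
      + "    <xsl:copy><xsl:apply-templates select=\"@*|node()\"/></xsl:copy>\n"
      + "  </xsl:template>\n"
      + "</xsl:stylesheet>";

    /**
     * Vulnerable shape: the message is parsed by whatever parser the
     * TransformerFactory picks, with its default (entity-resolving) settings.
     * With the payload above this copies the referenced file into the output.
     */
    static String transformUnsafe(String xml, String xsl) throws TransformerException {
        Transformer t = TransformerFactory.newInstance()
            .newTransformer(new StreamSource(new StringReader(xsl)));
        StringWriter out = new StringWriter();
        t.transform(new StreamSource(new StringReader(xml)), new StreamResult(out));
        return out.toString();
    }

    /**
     * Hardened shape: build the XMLReader ourselves, forbid DOCTYPE entirely
     * (inbound messages to this route never legitimately carry one) and, as
     * defence in depth, disable external entities, external DTD loading and
     * XInclude. The transformer then consumes SAX events from that reader.
     */
    static String transformSafe(String xml, String xsl) throws Exception {
        SAXParserFactory spf = SAXParserFactory.newInstance();
        spf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        spf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        spf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        spf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        spf.setXIncludeAware(false);
        XMLReader reader = spf.newSAXParser().getXMLReader();
        SAXSource source = new SAXSource(reader, new InputSource(new StringReader(xml)));

        Transformer t = TransformerFactory.newInstance()
            .newTransformer(new StreamSource(new StringReader(xsl)));
        StringWriter out = new StringWriter();
        t.transform(source, new StreamResult(out));
        return out.toString();
    }

    public static void main(String[] args) throws Exception {
        // Only the hardened path is exercised here; transformUnsafe is kept as
        // the "before" shape and would read /etc/passwd on a real host.
        try {
            System.out.println(transformSafe(XXE_PAYLOAD, IDENTITY_XSL));
        } catch (TransformerException e) {
            // Expected with the payload above: the parser refuses the DOCTYPE
            // before any entity can be fetched, so nothing reaches the output.
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

Rejecting the DOCTYPE outright is the strongest control when the route's legitimate callers never send one; if a DTD must be tolerated, keep the three entity/DTD features disabled and the parser will skip the entity reference instead of resolving it. Either way the point is the same as in the advisory: the protection has to sit on the parser that reads the inbound message, not on the stylesheet.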

Credit: This issue was discovered by David Jorm.

References: http://camel.apache.org/security-advisories.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.22 (Darwin)
Comment: GPGTools - http://gpgtools.org

iQIcBAEBAgAGBQJTENZhAAoJEImh9lEqI5wsukkP/2q4Tr9N2NMWYu9+5YYrpSST
TWnhcE7QGVOu3ITRp0WslzzJoa6Dl1q1XB7NRiV9CrHrUAk/GMaMo0M51ezaYUOq
+8HfiHpVbU+frk67bbTCceSug1xLsCb1upD0LUvM28siimMme2lmZtZuzKwYws2o
dG3gqIIgBYxl6Z6tKb7BIqQobsiK/50q5iZ1Z7PLT1hNrJvnBh0N6wgqfSPM0CLj
1NBN1xLJufcooT5pMYSXq8UAKvp9x7CymUTk/b/xbTGE5e8T/XNKAuXoe1/XRfMO
mETrN11hQdrEtflK9uOwHhDOu2SvsBBjBmDGY90K/Da1d1Hjued2Uaz3qGf4nQ9F
SVVLKfB4Z6VZkNqyjZ8JZjdJGWtrLMeixUxoGLKp8S2SXHG9HTfxh0a9GD7g3vfj
hO10B3qJKeWcVnBru4tRy/lmPfmCw28gizR4KEej4YFiPDFp60Z2Rxxsz5dHyOq6
fUkOcCsMmLUoj1i3YoIcFDos8ZPl6Zuu1xkmOxq+hslixaT9ROUwfuIkV8lRofgT
c1A2Ao5FZu0UK7uR81TNflbTCy+4q7Wojfs6LMydU9VjcGkCl+ES2q9mtv3BE6rN
r69g5lba6ooyZEqPNvDGwTznQVUiHM5roaEooDYnTSU4FhT56isTANqaGncIXCnZ
t3sXFGy7PXvfxxpeKHTb
=VJ0D
-----END PGP SIGNATURE-----