SB2019050307 - Path traversal in Apache Camel
Published: May 3, 2019 Updated: June 12, 2019
Security Bulletin ID
SB2019050307
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Path traversal (CVE-ID: CVE-2019-0194)
The vulnerability allows a remote attacker to perform directory traversal attacks.
The vulnerability exists due to input validation error when processing directory traversal sequences. A remote attacker can send a specially crafted HTTP request and read arbitrary files on the system.
Remediation
Install update from vendor's website.
References
- http://www.openwall.com/lists/oss-security/2019/04/30/2
- http://www.securityfocus.com/bid/108181
- https://lists.apache.org/thread.html/0a163d02169d3d361150e8183df4af33f1a3d8a419b2937ac8e6c66f@%3Cusers.camel.apache.org%3E
- https://lists.apache.org/thread.html/0cb842f367336b352a7548e290116b64b78b8e7b99402deaba81a687@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/45e23ade8d3cb754615f95975e89e8dc73c59eeac914f07d53acbac6@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/9a6bc022f7ab28e4894b1831ce336eb41ae6d5c24d86646fe16e956f@%3Ccommits.camel.apache.org%3E
- https://lists.apache.org/thread.html/a39441db574ee996f829344491b3211b53c9ed926f00ae5d88943b76@%3Cdev.camel.apache.org%3E
- https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E