Apache Camel CVE-2017-3159 Remote Code Execution Vulnerability

Apache Camel is prone to remote code-execution vulnerability.

Successfully exploiting this issue allows attackers to execute arbitrary code in the context of the affected application.

Apache Camel versions 2.17.0 through 2.17.4 and 2.18.0 through 2.18.1 are vulnerable.

Information

Bugtraq ID: 96321
Class: Unknown
CVE: CVE-2017-3159

Remote: Yes
Local: No
Published: Dec 08 2016 12:00AM
Updated: Apr 14 2017 12:04AM
Credit: The vendor reported this issue.
Vulnerable: Redhat JBoss Fuse 6.2
Apache Camel 2.18.1
Apache Camel 2.18
Apache Camel 2.17.4
Apache Camel 2.17

Not Vulnerable: Redhat JBoss Fuse 6.3
Apache Camel 2.18.2
Apache Camel 2.17.5

References:

• Bug 1420834 - (CVE-2017-3159) CVE-2017-3159 camel-snakeyaml: Unmarshalling oper (Redhat)
  
• Apache Camel Home Page (Apache Software Foundation)
  
• CVE-2017-3159: Apache Camel's Snakeyaml unmarshalling operation is vulnerable to (Apache)
  

Source: www.securityfocus.com