Apache Camel CVE-2018-8041 Directory Traversal Vulnerability

Apache Camel is prone to a directory-traversal vulnerability.

A remote attacker could exploit the vulnerability using directory-traversal characters ('../') to access arbitrary files that contain sensitive information.
Apache Camel 2.20.0 through 2.20.3, Camel 2.21.0 through 2.21.1 and Camel 2.22.0 are vulnerable.

Information

Bugtraq ID: 105352
Class: Input Validation Error
CVE: CVE-2018-8041

Remote: Yes
Local: No
Published: Sep 17 2018 12:00AM
Updated: Sep 17 2018 12:00AM
Credit: The vendor reported this issue.
Vulnerable: Apache Camel 2.22
Apache Camel 2.21.1
Apache Camel 2.21
Apache Camel 2.20.3
Apache Camel 2.20.1
Apache Camel 2.20

Not Vulnerable: Apache Camel 2.22.1
Apache Camel 2.21.2
Apache Camel 2.20.4

Exploit

An attacker can exploit this issue using a web browser.

References:

• Apache Homepage (Apache)
  
• CVE-2018-8041: Apache Camel's Mail is vulnerable to path traversal (Apache Software Foundation)
  

Source: www.securityfocus.com