Description

XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

Remediation

References

https://issues.apache.org/jira/browse/APLO-366

https://exchange.xforce.ibmcloud.com/vulnerabilities/100721

http://www.securityfocus.com/bid/72508

http://seclists.org/oss-sec/2015/q1/428

http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

Related Vulnerabilities

CVE-2020-7701 Vulnerability in npm package madlib-object-utils

CVE-2023-0044 Vulnerability in maven package io.quarkus:quarkus-security-webauthn

CVE-2023-45282 Vulnerability in npm package openmct

CVE-2022-4350 Vulnerability in maven package net.mingsoft:ms-mcms

CVE-2022-31139 Vulnerability in maven package io.github.karlatemp:unsafe-accessor

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Issue Tracking Third Party Advisory VDB Entry Mailing List Vendor Advisory