CVE-2014-3579 Vulnerability in maven package org.apache.activemq:apollo-selector

Description

XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

Remediation

References

http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt

http://seclists.org/oss-sec/2015/q1/428

http://www.securityfocus.com/bid/72508

https://exchange.xforce.ibmcloud.com/vulnerabilities/100721

https://issues.apache.org/jira/browse/APLO-366

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

Related Vulnerabilities

CVE-2021-23266 Vulnerability in maven package org.craftercms:crafter-engine

CVE-2020-2289 Vulnerability in maven package org.biouno:uno-choice

CVE-2023-34212 Vulnerability in maven package org.apache.nifi:nifi-jms-processors

CVE-2010-2076 Vulnerability in maven package org.apache.cxf:cxf-bundle-jaxrs

CVE-2019-10447 Vulnerability in maven package io.jenkins.plugins:sofy-ai

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H