Description
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Remediation
References
http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
http://seclists.org/oss-sec/2015/q1/427
http://www.securityfocus.com/bid/72510
https://exchange.xforce.ibmcloud.com/vulnerabilities/100722
https://issues.apache.org/jira/browse/AMQ-5333
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
Related Vulnerabilities
CVE-2019-10288 Vulnerability in maven package de.e-nexus:jabber-server-plugin
CVE-2011-5062 Vulnerability in maven package tomcat:catalina
CVE-2018-1000129 Vulnerability in maven package org.jolokia:jolokia-core
CVE-2020-1744 Vulnerability in maven package org.keycloak:keycloak-services
CVE-2022-1438 Vulnerability in maven package org.keycloak:keycloak-services