Description

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

Remediation

References

http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt

http://seclists.org/oss-sec/2015/q1/427

http://www.securityfocus.com/bid/72510

https://exchange.xforce.ibmcloud.com/vulnerabilities/100722

https://issues.apache.org/jira/browse/AMQ-5333

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

Related Vulnerabilities

CVE-2022-28154 Vulnerability in maven package org.jenkins-ci.plugins:covcomplplot

CVE-2023-1584 Vulnerability in maven package io.quarkus:quarkus-oidc

CVE-2023-39152 Vulnerability in maven package org.jenkins-ci.plugins:gradle

CVE-2023-40177 Vulnerability in maven package org.xwiki.platform:xwiki-platform-appwithinminutes-ui

CVE-2021-26296 Vulnerability in maven package org.apache.myfaces.core:myfaces-core-project

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Mailing List Third Party Advisory VDB Entry Issue Tracking