CVE-2014-3600 Vulnerability in maven package org.apache.activemq:activemq-core

Description

XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

Remediation

References

http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt

http://seclists.org/oss-sec/2015/q1/427

http://www.securityfocus.com/bid/72510

https://exchange.xforce.ibmcloud.com/vulnerabilities/100722

https://issues.apache.org/jira/browse/AMQ-5333

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

Related Vulnerabilities

CVE-2023-42278 Vulnerability in maven package cn.hutool:hutool-core

CVE-2023-30522 Vulnerability in maven package org.jenkins-ci.plugins:fogbugz

CVE-2020-6423 Vulnerability in npm package electron

CVE-2016-3092 Vulnerability in maven package org.apache.tomcat:tomcat-util

CVE-2020-13951 Vulnerability in maven package org.apache.openmeetings:openmeetings-server

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H