Description
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.
Remediation
References
http://activemq.apache.org/security-advisories.data/CVE-2014-3600-announcement.txt
http://seclists.org/oss-sec/2015/q1/427
http://www.securityfocus.com/bid/72510
https://exchange.xforce.ibmcloud.com/vulnerabilities/100722
https://issues.apache.org/jira/browse/AMQ-5333
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
Related Vulnerabilities
CVE-2023-42278 Vulnerability in maven package cn.hutool:hutool-core
CVE-2023-30522 Vulnerability in maven package org.jenkins-ci.plugins:fogbugz
CVE-2020-6423 Vulnerability in npm package electron
CVE-2016-3092 Vulnerability in maven package org.apache.tomcat:tomcat-util
CVE-2020-13951 Vulnerability in maven package org.apache.openmeetings:openmeetings-server