Description

XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messages.

Remediation

References

http://activemq.apache.org/security-advisories.data/CVE-2014-3579-announcement.txt

http://seclists.org/oss-sec/2015/q1/428

http://www.securityfocus.com/bid/72508

https://exchange.xforce.ibmcloud.com/vulnerabilities/100721

https://issues.apache.org/jira/browse/APLO-366

https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E

Related Vulnerabilities

CVE-2023-47324 Vulnerability in maven package org.silverpeas.core:silverpeas-core-rs

CVE-2023-50779 Vulnerability in maven package com.cloudtp.jenkins:paaslane-estimate

CVE-2022-25883 Vulnerability in maven package org.webjars.npm:semver

CVE-2022-41940 Vulnerability in maven package org.webjars.bower:engine.io

CVE-2013-6397 Vulnerability in maven package org.apache.solr:solr-core

Severity

Critical

Classification

CWE-611 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory Mailing List Third Party Advisory VDB Entry Issue Tracking